Hong Kong's data breach notification scheme : From the stakeholders’ perspectives

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

2 Scopus Citations
View graph of relations


Related Research Unit(s)


Original languageEnglish
Article number105579
Journal / PublicationComputer Law and Security Review
Online published7 Aug 2021
Publication statusPublished - Sept 2021


Data breach notification laws have been enacted in an increasing number of economies around the world. These laws establish the requirement for notice in the event of a data breach incident. Although, there are a number of reasons for requiring data breaches to be notified, the primary objective of the laws is to regulate organizations’ data security practices in order to protect the data privacy of its customers. In so doing, the data reporting obligations promote accountability, transparency and trust, thereby improving the overall organizational data security environment. Opinions are, however, divided amongst various private sector stakeholders on the issue of mandatory data breach notification. Drawing on the interviews with 24 private sector representatives with interest in data breach issues, this article documents and examines their position on the appropriate regulatory approach for data breach notification in Hong Kong.

Research Area(s)

  • Data breach notification, Hong Kong, Qualitative investigation, Review of personal data (privacy) ordinance, Stakeholders’ perspectives