Hong Kong's data breach notification scheme: From the stakeholders’ perspectives

Rebecca Ong; Sandy Sabapathy

doi:10.1016/j.clsr.2021.105579

Hong Kong's data breach notification scheme : From the stakeholders’ perspectives

Research output: Journal Publications and Reviews (RGC: 21, 22, 62) › 21_Publication in refereed journal › peer-review

Overview

View graph of relations

Author(s)

Rebecca Ong
Sandy Sabapathy

Related Research Unit(s)

School of Law

Detail(s)

Original language	English
Article number	105579
Journal / Publication	Computer Law and Security Review
Volume	42
Online published	7 Aug 2021
Publication status	Published - Sep 2021

Link(s)

DOI	DOI https://doi.org/10.1016/j.clsr.2021.105579 Final Published version
	Check@CityULib
Link to Scopus	https://www.scopus.com/record/display.uri?eid=2-s2.0-85112015549&origin=recordpage
Permanent Link	https://scholars.cityu.edu.hk/en/publications/publication(26ee6f1e-29cc-4a7e-952c-704623bea370).html

Abstract

Data breach notification laws have been enacted in an increasing number of economies around the world. These laws establish the requirement for notice in the event of a data breach incident. Although, there are a number of reasons for requiring data breaches to be notified, the primary objective of the laws is to regulate organizations’ data security practices in order to protect the data privacy of its customers. In so doing, the data reporting obligations promote accountability, transparency and trust, thereby improving the overall organizational data security environment. Opinions are, however, divided amongst various private sector stakeholders on the issue of mandatory data breach notification. Drawing on the interviews with 24 private sector representatives with interest in data breach issues, this article documents and examines their position on the appropriate regulatory approach for data breach notification in Hong Kong.