Hong Kong's data breach notification scheme : From the stakeholders’ perspectives

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

View graph of relations

Author(s)

Related Research Unit(s)

Detail(s)

Original languageEnglish
Article number105579
Journal / PublicationComputer Law and Security Review
Volume42
Online published7 Aug 2021
Publication statusPublished - Sep 2021

Abstract

Data breach notification laws have been enacted in an increasing number of economies around the world. These laws establish the requirement for notice in the event of a data breach incident. Although, there are a number of reasons for requiring data breaches to be notified, the primary objective of the laws is to regulate organizations’ data security practices in order to protect the data privacy of its customers. In so doing, the data reporting obligations promote accountability, transparency and trust, thereby improving the overall organizational data security environment. Opinions are, however, divided amongst various private sector stakeholders on the issue of mandatory data breach notification. Drawing on the interviews with 24 private sector representatives with interest in data breach issues, this article documents and examines their position on the appropriate regulatory approach for data breach notification in Hong Kong.

Research Area(s)

  • Data breach notification, Hong Kong, Qualitative investigation, Review of personal data (privacy) ordinance, Stakeholders’ perspectives