Call for stronger regulator powers following leap in Hong Kong data breach reports

The Office of the Privacy Commissioner has revealed that it was sent 129 reports last year, and calls for a 50% increase in worker power to help support investigations in future.

That means 2018 was a record-breaking year for Hong Kong, and official sites are now firmly set on tightening data security laws as a result.

Privacy Commissioner, Stephen Wong Kai-yi has spoken out to the government in demand of personnel numbers to go up by half, to a number of around 105 to help bolster data privacy efforts.

The alarming stat coming out of the Office of the Privacy Commissioner for Personal Data (PCPD) signals a 22% increase in data breach reports in comparison to 2017. The proliferation of mobile technology and social media use among consumers has been blamed for the jump.

Even so, just four formal investigations were conducted in 2018 into data breach allegations, and Wong has emphasised the need for better awareness and education among consumers.

One of those investigations looked into the Cathay Pacific Airways case that saw seven months pass before the 9.4m travellers affected by a hack were told of the intrusion.

Consumer credit reporting agency, TransUnion, were also the subjects of a data security probe following a glitch in the firm’s access systems that compromised the details of 5.4m local users.

TransUnion, which is based in the States, has repeatedly denied the data breach took place; both Cathay Pacific and TransUnion cases are still being looked into by authorities in Hong Kong, but no official comment on each situation has been made.

Tougher data privacy laws were called for in the immediate aftermath of the Cathay Pacific case, which Wong was a supporter of.

“I’m always contented with the ‘teeth’ I have, but in view of the recent incidents, it appears that I would have done more and better had I had more teeth, or teeth that could bite,” he said.

“The … change … includes a mandatory notification mechanism – who to notify and time limit. Second, for how long data could be stored, and third for data security and increasing penalties,” Wong added.

Wong confirmed that his office is in the process of finishing revisions to the Personal Data (Privacy) Ordinance, which, it is hoped, will be ready in proposal for the government before six months of 2019 have passed.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.