On September 13, 2023, the Office of the Privacy Commissioner for Personal Data (PCPD) made an announcement regarding a data breach notification it received from Hong Kong Cyberport Management Company Limited on August 18, 2023. Following established procedures, the PCPD initiated a compliance check into this incident. The PCPD advised Cyberport to promptly notify the affected data subjects. Currently, the PCPD cannot disclose additional information.

Given that the incident involved the leakage of personal data, the PCPD has established a hotline for the public to make inquiries or file complaints. Since September 13, 2023, the hotline has received 11 inquiries.

The PCPD recommends that organizations handling personal data implement the following data security measures to safeguard data security and prevent malicious attacks on their information systems:

• adopt data governance and organizational measures: organizations should establish clear internal policies and procedures on data governance and data security, including the appointment of suitable personnel in a leadership role to bear specific responsibility for data security, and ensure sufficient training is provided for staff members;
• conduct regular risk assessments on data security for new systems and applications before launch, as well as regularly thereafter;
• implement a series of technical and operational security measures;
• properly manage data processors: data users must adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss, or use of the data transferred to the data processor;
• take timely remedial actions in the event of data security incidents, thereby reducing the gravity of harm that may be caused to the organization and affected individuals; and
• regularly monitor, evaluate, and improve compliance with data security policies.

You can read the press release here.