30 Oct No Law to Compel Companies to Reveal Breaches, Hong Kong Privacy Chief Says
Privacy Commissioner for Personal Data Stephen Wong recently said in a radio interview that there are no laws in Hong Kong that can force companies like Cathay Pacific to disclose their data leaks to his office, or to the parties affected.
Wong added that the only thing the Office of the Privacy Commissioner for Personal Data can do is encourage them to be responsible enough to disclose them, as it is not a legal responsibility but a moral one.
The privacy chief also said that the timeframe of 72 hours to disclose a leak allowed by the GDPR is tolerant and reasonable, and added that his office has initiated a review of current law, and will actively consider whether to follow EU privacy rules.
Source: Hong Kong Free Press