Paolo Sbuttoni, Marcia Lee and Benjamin Lau of Baker McKenzie write that the government is considering changes in the Personal Data (Privacy) Ordinance (PDPO). They write:
The Review Paper does not propose a complete redraft of the PDPO.
Instead, it focuses on six key proposals which we summarise in this update:
1. mandatory data breach notification;
2. requirement for a data retention policy;
3. introducing the ability for the PCPD to impose direct administrative
4. regulation of data processors;
5. expanding the definition of personal data; and
6. regulating the disclosure of other data subjects’ personal data.
Read more on Baker McKenzie.