Hong Kong's data breach notification scheme: From the stakeholders’ perspectives

Abstract

Data breach notification laws have been enacted in an increasing number of economies around the world. These laws establish the requirement for notice in the event of a data breach incident. Although, there are a number of reasons for requiring data breaches to be notified, the primary objective of the laws is to regulate organizations’ data security practices in order to protect the data privacy of its customers. In so doing, the data reporting obligations promote accountability, transparency and trust, thereby improving the overall organizational data security environment. Opinions are, however, divided amongst various private sector stakeholders on the issue of mandatory data breach notification. Drawing on the interviews with 24 private sector representatives with interest in data breach issues, this article documents and examines their position on the appropriate regulatory approach for data breach notification in Hong Kong .