,Hong Kong

The cost of data protection: making a worthwhile investment or paying for an expensive mistake

By Lawrence Chia

Data hacks, security breaches, vulnerable IT systems – these are all hot topics in Hong Kong at the moment. With high-profile data security stories dominating headlines, the importance and fragility of personal data are very much in the public eye and have turned everyone’s attention to what businesses are doing ­– or not doing – to safeguard this data.

Security breaches can be devastating to both companies and society. They have massive, long-lasting impacts: take the hack of up to 90 million Facebook user accounts that took place this September. Unknown hackers exploited a security flaw in Facebook’s code, allowing them to take over almost 50 million profiles, with 40 million more being partially compromised. Amongst the affected were Facebook's CEO Mark Zuckerberg and COO Sheryl Sandberg – proving that when it comes to online security, everyone is potentially vulnerable.

These days, sharing personal data is vital to businesses and customers. In the MICE industry, collecting data from prospects and event attendees leads to important benefits – gaining better knowledge of attendee needs and preferences, providing valuable market insights which will help refine event offerings, and gathering all-important feedback after an event. Likewise, for delegates, sharing data can make the event experience more personal, more efficient and more productive.

Whilst data is rapidly becoming one of the most important assets of any business, infrastructure and strategies to protect that data often do not keep up with the pace of change. There are many reasons – a lack of understanding of the risks of a data leak or a lack of investment in the appropriate technology are just two examples. But this is late 2018: the digital economy is taking off and personal data is becoming ever-more fluid and ‘shareable’. The risks and costs of a data breach are now too great to ignore.

In Europe, the penalties for businesses that do not protect personal data are the strictest in the world. The General Data Protection Regulation (GDPR), new rules governing data protection which came into force across the EU in early 2018, set a new global standard. Organisations are now much more accountable than before – if they do not sufficiently protect their customers’ information, they can be fined up to 4% of their annual turnover. Under the terms of GDPR, organisations must ensure that personal data is gathered legally and then respected and protected from misuse and exploitation – or face the consequences.

Different countries penalise data breaches in different ways. In the US, last year, ride-sharing giant Uber was recently ordered to pay $1.16b (US$148m) to settle federal litigation over a 2016 cyber attack that saw data from 57 million customers and drivers accessed. Meanwhile in the UK, Facebook was fined $5.11m (£500,000) by the UK’s Information Commissioner’s Office (ICO) for its role in the Cambridge Analytica scandal.

Here in Hong Kong, the consequences for businesses are less severe, for now. The government’s Personal Data (Privacy) Ordinance, enacted in 1996, was based on the EU’s Data Protection Directive – legislation which the GDPR replaced. In a recent interview, the city’s Privacy Commissioner, Mr Stephen Wong Kai-yi, admitted that his office’s enforcement power needs to be increased and that it was time to review the Ordinance. At the moment, companies can only be prosecuted if it refuses to take corrective measures to protect data – they cannot be prosecuted for allowing a breach to occur.

Whilst data breaches can be enormously costly, so can finding ways to securely protect data. Traditional data storage systems, consisting of disk drives and early-model hardware and software systems are still in widespread use today, despite their unreliability. But, according to Forbes, these old-school systems are “simply not designed to deliver on compliance challenges in this new age of policy-driven user rights and regulations”, since companies cannot legally retain data for longer than a certain time limit. Cloud-based data protection solutions and centralised data centres can be the right choice for many businesses, but it is important to discuss with experts the right strategy for your business and your budget.

Clearly, protecting data in Hong Kong involves a certain amount of expenditure. Companies can either preventatively invest in the right protections for this precious and important resource, or pay the price for not protecting it properly in the form of lost trust, potential fines and a permanently damaged reputation.

Get Hongkong Business in your inbox
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

After transferring their existing installment loan, customers can enjoy a first 24-month principal payment holiday.
It reported a HK$1.4b loss in the same period last year.
The company recorded $811m over the same period in 2020.
Residents who stayed in Macau in the last 14 days will be ineligible to return to Hong Kong.
Total consideration for the sales amounted to $94b.
Some 10,000 eligible residents may win a free tour.
Its earnings reached HK$4,615m from HK$6,010m. 
The bulk of the proceeds will be used to fund R&D initiatives.
The bank linked this to macroeconomic conditions that put pressure on its net interest margin.
Scholars and fellows could receive up to $300,000 per year.
China’s oversight of the private sector in the past weeks has raised concerns and panic.
This was partially due to IPOs during the month.
The majority of whom will likely use their credit cards to top up.