(Q2): Prevention of personal data breaches and financial crimes
MR CHAN CHUN-YING:
Thank you, President. We can see from the figures disclosed in the Annex to the main reply that the number of data breach cases handled by PCPD and the number of cases uncovered by proactive compliance checks have both increased, which indirectly reflects that the law enforcement work has achieved some results. However, the number of cases involving data processors (including those uncovered by PCPD’s proactive checks) remains very low, which shows that PCPD’s regulation of data processors is not yet effective. The main reply also mentioned that the Government will introduce legislative amendments to directly regulate data processors. May I ask the Bureau whether, before the completion of the legislative amendment exercise, it can request PCPD to step up proactive compliance checks on data processors, so as to reduce the risk of data breaches in this regard? Thank you.
SECRETARY FOR CONSTITUTIONAL AND MAINLAND AFFAIRS:
Thank you, President, and I thank Mr CHAN Chun-ying for his supplementary question and suggestion. Indeed, we can see from the current data that although the proportion of data breaches caused by problems with data processors is not high, at around 10%, these data processors themselves should have the professional competence to cope with the work of data protection. If data breaches occur as a result of their mistakes, this is a situation we consider undesirable.
Therefore, we will step up our efforts in compliance checks, publicity and education, and regulatory guidance for these data processors. Later, when we proceed with the legislative amendments, one of our directions will be to directly impose regulation on data processors, with a view to reducing the number of cases of data breaches or data not being protected. Thank you, President.