Data Protection & Privacy

Nowadays, data protection and privacy are critical considerations for companies, employees and customers. Sensitive information commonly stored or accessible by companies, be that employee records, customer details, system access passwords, transaction records, intellectual property, or trade secrets, needs to be protected from unauthorized access and misuse. In addition, non-compliance with data protection and privacy laws can be costly and can expose you to reputational damage as well as civil and criminal liability.

ONC is the go-to firm for data protection and privacy matters. We have notable expertise in the retail, financial services, healthcare, technology and communications sectors and have handled various global compliance projects and regulatory litigation over recent years. Whatever your business structure and problems, we provide on-time, pragmatic and up-to-date legal advice on a full spectrum of issues ranging from employment data protection and data security breaches to global data governance and compliance work. We also have experience in interfacing with regulators at the local and international levels in areas ranging from data loss to cybersecurity issues.

Our services include the following areas:

  • Management of employee personal information and sensitive information for advertising and marketing;
  • Employee monitoring and suspected-target screening;
  • Data collection via whistleblower hotlines;
  • Data breaches and cyber incidents;
  • Cloud services and mobile privacy breaches;
  • Data protection and privacy policies for business groups and their websites;
  • Cross-border data transfer projects;
  • Handling regulatory inquiries and litigation;
  • Defending against enforcement actions by regulatory and law enforcement agencies;
  • Regulatory compliance in connection with local and international regulatory regimes;
  • Compliance projects and policies in collaboration with human resources and technology departments of business groups.

If you would like to seek advice on data protection and privacy issues, please contact us at (852) 2810 1212 or at

Please refer to our articles in ‘Knowledge’

Recommended Posts

Can police search your mobile phone?
Mobile phone privacy is always a concern for the public. With the advancement of technologies, mobile phones have become a convenient work tool for us and we rely on various smartphone features such as internet, instant messenger, email, etc. to communicate, share digital files and photos, and complete work tasks. In a recent judicial review before the Court of First Instance, Sham Wing Kan v Commissioner of Police [2017] HKCU 2725, an important question was raised: whether the police have power to search and examine, without warrant, the digital content of mobile phones and other personal digital communications devices found on the person arrested.
Proposed public inspection regime to limit access to company directors’ data in Hong Kong – Potential shortcomings and our recommendations
Recently, the Government has begun its review as to whether personal data contained in the Companies Register (the “Register”), such as information pertaining to addresses of directors, should be maintained with the Register. In response, the Financial Services and the Treasury Bureau (the “Bureau”) along with the Companies Registry (the “CR”) submitted a paper to the Legislative Council on 29 March 2021 (the “Proposal”), which proposed to bring into operation a new inspection regime (the “Regime”) that has been included in the Companies Ordinance (“CO”) since the legislation was made in 2012.
Hong Kong amends personal data protection laws to combat doxxing
With the aim of combating doxxing acts that are intrusive to personal data privacy, the Constitutional and Mainland Affairs Bureau proposed amendments to the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) on 11 May 2021. The amendment bill was passed on 29 September 2021 and the Personal Data (Privacy) (Amendment) Ordinance 2021 (“Amendment PDPO”) came into force on 8 October 2021. To facilitate implementation of the Amendment PDPO, the Office of the Privacy Commissioner for Personal Data (“Commissioner”) issued a guideline in October 2021 to provide guidance on the scope of doxxing offences and powers of the Commissioner regarding doxxing acts under the Amendment PDPO (“Guideline”).