The legislation is due for amendment since its last substantive amendment in 2012.
The Constitutional and Mainland Affairs Bureau released LC Paper. No. CB(2) 512/19-20(03), a discussion paper seeking the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) views on proposed changes to the Personal Data (Privacy) Ordinance (Cap.486). The proposed changes follow proposals by the Privacy Commissioner for Personal Data, and include six proposed amendments:
- Inclusion of a Mandatory Data Breach Notification Mechanism;
- Requirement for retention policy and specified Data Retention Period;
- Provision of Sanctioning Powers to PCPD to impose administrative fines and raise relevant criminal fine levels;
- Regulation of Data Processors;
- Amending the Definition of Personal Data to cover information relating to an "identifiable" natural person;
- Regulation of Disclosure of Personal Data of Other Data Subjects to curb doxing;