Learn more about our comprehensive legal services.
Advising our clients on different opportunities and challenges of the industry.
Developing a unique culture, which blends traditional client care with modern technology and working practices since 1851.
Stay up to date on the latest news and legal insights.
News & Insights
The novel coronavirus pandemic has undeniably disrupted the way people do business around the world. In January 2020, the Hong Kong SAR government announced work-from-home arrangements for civil servants (with emergency and essential service exceptions). Private sector organisations soon enforced similar work-from-home and flexible hour practices to minimise social contact. The government has announced quarantine measures for travellers to avoid spreading of the virus. In a place like Hong Kong where people are generally familiar with the use of advanced digital technology, most businesses are able to continue operations in an uninterrupted manner. Without being physically in the office, employees can still get their job done efficiently: edit documents, exchange information, and confirm orders through remote access to the company’s IT infrastructure, personal computers, mobile devices, instant messaging, and digital audio and video conferencing.
Data and confidentiality protection
In this new mode of work, businesses are facing a challenge to maintain a high level of data and confidentiality protection. Employees who work from home may possibly transfer data, which may include sensitive and confidential business data or trade secrets, using unsecured devices. The flexible workplace policy aggravates the problem when people are required to get the job done using alternative or innovative ways without physical presence or contact. In this respect, businesses are reminded that:
a. | Companies should not forget the importance of maintaining confidentiality of sensitive business information. It is particularly the case if companies have given legally-binding undertakings to other parties to keep certain information confidential. It is not untypical that a confidentiality agreement or undertaking requires the company to disclose confidential information to its employees only on a “need-to-know basis”. The company may also be obliged to require its employees to keep the information confidential. A work-from-home setting may compromise the company’s ability to uphold protection of confidentiality. Companies should remind employees of their legal obligations and the need to refrain from circulating confidential information outside of the company’s VPN. Companies should formulate a policy to regulate sensitive data flow in a work-from-home environment, and restrict employees from sharing work stations or passwords. |
b. | As far as personal data is concerned, businesses shall comply with the Data Protection Principles (DPPs) contained in the Personal Data (Privacy) Ordinance (Ordinance) which outline how data users should collect, handle and use personal data. Specifically, DPP4(1) in the Ordinance requires data users to take all practicable steps to ensure that the personal data it holds is protected against unauthorised or accidental access, processing, erasure, loss or use. Consideration should be given to, among others, the physical location of where the data is stored, security measures incorporated into the equipment to safeguard such personal data, and measures taken for ensuring the secure transmission of the data. Companies should take proper actions to ensure these DPPs are observed. Once personal data is transferred outside of the company’s secured system say by an employee through a personal device, how can the Company ensure proper storage, and that it will be erased if needed? The Company’s privacy policy should address these issues and it should be brought to the attention of the employees. |
Cybersecurity
With social distancing being the principal method for combating the virus worldwide, businesses have become more dependent on digital infrastructures and tools. The devastating result of a cyberattack would be unimaginable. Hackers may attempt to take advantage of this challenging time by sending phishing emails with health related topics like “last chance to buy cheap surgical masks” or “coronavirus vaccine” to bait people to click on links embedded with malicious malware. This could have disastrous results including possible damage to IT infrastructure, sensitive data exfiltration or malware infection. Hong Kong has been ranked as one of the top global destinations for cyberattacks in recent years. Digital security should be high on the priority list of businesses in terms of crisis management in this pandemic era.
Companies should:
The novel coronavirus pandemic has presented the world with unprecedented threats – stay agile and alert.
Subscribe to Publications
Sign up for our regular updates covering the latest legal developments, regulations and case law.