On June 5, 2023, the Office of the Privacy Commissioner for Personal Data of Hong Kong (Commission) issued a press statement[1] announcing that it will commence compliance checks on all credit reference agencies (agencies) in Hong Kong.
These checks are to be carried out as a proactive measure by the Commission, arising from recent investigation findings and concerns raised by the community pertaining to the mishandling of borrowers’ credit data by the agencies.
The checks aim to ensure the protection of borrowers’ data privacy, and that there is adequate data security accorded to credit reference databases, in line with the requirements set forth in Hong Kong’s Personal Data (Privacy) Ordinance (Ordinance). The checks will, among other things, determine whether the security measures adopted by the agencies and the retention period applied to borrowers’ credit data comply with the Ordinance.
The statement also invites any person that suspects his or her credit data has been accessed inappropriately, or retained for longer than needed, to make an inquiry with the relevant agencies, or even to lodge a complaint with the Commission directly.
Comment
The proactiveness of the Commission in this context signals a marked commitment in Hong Kong toward safeguarding individuals’ data privacy. There has also been a noticeably high level of enforcement activity of late across Asia Pacific.
[1] https://www.pcpd.org.hk/english/news_events/media_statements/press_20230605.html