Hong Kong - Privacy Commissioner Issues New Guidance On BYOD.

3 November, 2016

In August 2016 the Hong Kong Privacy Commissioner for Personal Data issued guidance for employers who operate a Bring Your Own Device (BYOD) scheme.

The guidance can be viewed here.

The guidance highlights the following issues:

Use of BYOD by definition means that employees will be accessing company-collected personal data on their own mobile devices. This means that data is being transferred from the employer’s secure systems onto what is likely to be a less secure mobile device. The Commissioner stresses that the employer remains responsible for the security of the data in accordance with the Personal Data Privacy Ordinance (the Ordinance) (notwithstanding that it is stored on an employee’s own device) and should take effective steps to ensure that its obligations are met.
The employer would also have an obligation to respect the privacy of the employee’s own personal data on their personal device and any measures taken should take that distinction into account.
Any company policy on retention and deletion of data should be considered in light of BYOD and any appropriate amendments made to accommodate a BYOD practice. Consideration should also be given to lost or sold devices, and to the security measures applied on termination of employment.
It is recommended that employers put a clear policy in place. We would advise that such policy deals with roles and responsibilities, security, monitoring and access (including any intended remote access) to the device. Any policy should be reviewed and updated regularly in order to respond to developing circumstances and risks.
The Commissioner confirms that obligations in respect of access to and correction of personal data apply to personal devices as much as corporate ones. Employers should therefore ensure that their access and correction procedures capture and review data from any relevant personal devices.
Conducting a risk assessment is an effective way of evaluating risk and ensuring any remedial steps are proportionate.
Technology can assist in addressing security concerns, such as additional layers of password protection and encryption.

For further information, please contact:

Jennifer Van Dale, Partner, Eversheds

jennifervandale@eversheds.com

Hong Kong – Privacy Commissioner Issues New Guidance On BYOD.

Malaysia – General Average And Salvage.

- Philip Teoh - Azmi & Associates, Azmi & Associates

Role Of Technology In Legal Service Delivery.

Process Optimisation In Legal Teams: Improving Workflow Efficiency.

Mastering Legal Contracts: Key Contract Law Terms And Agreements Explained.

UK – ONS Publishes Annual Gender Pay Gap Data For 2024.

Chambers Insolvency Guide 2024 On Macau SAR.

- Pedro Cortés - Lektou,

Quick Guide: IP Protection For Personalised Medicine.

Significant GDPR Enforcement In Ireland.

US – Six Years In The Making, DoD Releases Proposed Rule Requiring Disclosure Of Foreign Review Of Code For It, Cybersecurity, Critical Infrastructure, And Weapons System Products And Services.

US – SEC ESG Enforcement Is Still Alive.

CONVENTUS LAW

OTHERS

Hong Kong – Privacy Commissioner Issues New Guidance On BYOD.

Register for your monthly Asia legal updates from Conventus Law

Footer

CONVENTUS LAW

OTHERS