In April 2015, Hong Kong’s Administrative Appeal Board (AAB) ruled that the territory’s Privacy Commissioner (PC) is obliged to continue investigating a data privacy complaint that it had discontinued, even though the breach concerned had already been rectified.

In their article for the Computer Law & Security Review on the implications, Gabriela Kennedy and Karen Lee discuss this ruling and its implications.