Bring Home the Data? New Hong Kong Data Privacy Guidelines for BYOD Policies

Computer and Telecommunications Law Review has published Gabriela Kennedy’s article on personal data and cybersecurity risks that often arise when a company develops a Bring-Your-Own-Device (BYOD) practice. Gabriela discussed the new Information Leaflet issued by the Hong Kong Privacy Commissioner, which aims to help companies continue to comply with the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO) as BYOD practices become increasingly widespread across all industries. The author looks at the balance that must be achieved between protecting the personal data collected by a company and respecting the privacy of their employees’ own personal data, and recommends that companies implement a BYOD policy, carry out a detailed risk assessment, as well as conduct regular reviews of their internal policies and security measures so as to avoid vulnerabilities that could result in cyberattacks or accidental loss or disclosure by employees. Gabriela is the Asia editor of Computer and Telecommunications Law Review.