As work-from-home (WFH) arrangements become more prevalent, the Privacy Commissioner for Personal Data, Hong Kong has issued three guidance notes for the handling of personal data connected with WFH arrangements.

An employer’s legal obligations as a data user are no different in a WFH arrangement than those in an office environment. However, the circumstances around how personal data may be used, stored and handled will be different in a WFH setting and employers need to cater for that. Employers should consider how personal data may be used, stored and handled in the WFH environment and address their obligations as a data user under the Personal Data (Privacy) Ordinance (PDPO). The three guidance notes will provide some assistance in doing this. Some of the recommendations in the guidance notes will seem obvious (like having appropriate policies and training), while others are a bit more technical dealing with device management, VPNs and remote access.

The guidance notes are not statements of law and employers have no legal obligation to follow the recommendations in the notes. That said, employers that comply with the recommendations are unlikely to breach the PDPO.

The guidance notes are available at the following links:-