The Hong Kong government is studying the need to enact a “Cyber Security Law” with the aim of helping society.
According to a report in Sing Tao Daily, the Hong Kong government is looking to strengthen the security of its network information systems and important infrastructure information systems. It is understood that the research direction includes consideration of requiring operators or suppliers to formulate network information data protection standards to prevent network attacks or data leakage, and to cooperate with contingency plans and incident reporting mechanisms.
It will also ensure that facilities are not subject to other interference. According to relevant laws and regulations in the Mainland (China), operators of important information infrastructure are required to store information and data collected in domestic operations in the country, the Sing Tao Daily report said. However, Hong Kong is not sure whether it will consider adopting this requirement.
It is known that the government will refer to the relevant cybersecurity laws of different countries, study them carefully, and plan to arrange further consultations if there is a final decision in the future.
Security Research
Cyber attacks shake up an economy and financial markets, and compromise national security, at any time. Once an attack is carried out, intervention does not help much, cyber security experts opine.
For example, telecommunications service providers need to process a large amount of information and data. If local legislation is to strengthen regulations, the research direction will consider requiring the establishment of standards to protect confidential information and data and to prevent leakage, according to government sources. Also, other countries steal this information for illegal purposes.
It is in these areas that Hong Kong will conduct research, review the current work of ensuring network security and then explore how to make regulations to fill in the gaps and eliminate hidden network security risks.
At the same time, it can put in place a contingency plan to make timely remedies in case of incidents, and set up a reporting mechanism. After an incident, the authorities must be notified, replacing voluntary declarations. In the future, the government will also study whether the above-mentioned response plans, once formulated, need to be submitted to the government for review in advance.
Given that important infrastructure, including telecommunications network infrastructure, is the lifeblood of Hong Kong’s economy and society, it is expected that the government will consider whether to require holders to ensure that the facilities are not disturbed or damaged.
At present, many websites operating in Hong Kong generally have their servers and data stored in other places. If a crime is involved, after the police apply for a search warrant, the telecommunications company, service provider or provider can rely on the fact that the information is not managed by them, and in some cases have even refused to provide the details, authorities said.
China’s Cyber Security Laws
At the 2021 World Internet Conference Wuzhen Summit held in Zhejiang Province, China said that it had captured about 23.07 million samples of rogue programmes in the first half of 2021 that infected about 4.46 million main machines during the period, up 46.8 percent on a yearly basis.
In the face of such risks, the Chinese government has rolled out a series of measures to push the construction of a cybersecurity safeguard system. In China, several new laws have already been released, such as China’s Cybersecurity Law, Data Security Law and Personal Information Protection Law.
China’s Standing Committee of the National People’s Congress announced the Personal Information Protection Law of the People’s Republic of China (PIPL) on August 20, 2021, which will come into effect on November 1, 2021.
As China’s first law specifically regulating the protection of personal information, the PIPL will have a direct and far-reaching impact on the protection of personal information rights of individuals, as well as data privacy compliance of enterprises.