Hong Kong has always been known for its economic freedom. However, that economic freedom needs rules and protections to operate on a day-to-day basis. Recently, Hong Kong has taken bold steps forward with new rules and guidelines affecting privacy and e-discovery. Paradoxically, these rules improve the status of Hong Kong in the region, but will make some longer-term changes to how corporations operate locally.
Two of the most significant rules occurred last year. In December 2014, the Hong Kong Office of the Privacy Commissioner for Personal Data published a voluntary, nonbinding Guidance Note limiting the cross-border transfer of personal data. The note fleshes out a provision restricting the transfers included in the Personal Data Privacy Ordinance that has yet to come into effect, even though the ordinance itself was enacted 20 years ago. As many firms have complex data transfer and backup procedures, organizations should use this Guidance Note as a planning tool should it eventually become enacted. Steps should include examining the guidance provisions and accordingly mapping and understanding sources of personal data. After this, companies may consider implementing some of the recommendations for data protection, including the suggested model clauses for data transfer.
As of September 2014, Hong Kong initiated a pilot e-discovery scheme for certain commercial cases as part of Practice Direction SL 1.2. The Practice Direction is designed to promote proportionate discovery in cases with more than HK $8 million at stake and 10,000 or more documents. Litigants must also complete an affidavit called the Electronic Documents Discovery Questionnaire, which requires the submission of information about custodians, the form of documents, and preservation practices.
With the increasing network of national regulatory agencies with long-arm powers, and the borderless nature of supply chains and commercial contracts and capital flows, there is increasing litigiousness in the region. Salient areas include anti-corruption and anti-bribery under the Foreign Corrupt Practices Act, banking, and patent litigation, global organizations should ensure they have mobilized the resources necessary to handle cross-border discovery projects. Essential elements of that preparation include recruiting skilled local resources capable of collecting, processing, and reviewing data in place; finding ways to limit the transfer of data; and creating the ability to restrict access to specific users and locations. Organizations doing business in other APAC nations, including China, may find it easier to transfer data to Hong Kong for dispersion elsewhere, so long as they pay due respect to any requirements of domestic national secrecy laws. In this case, they will need to investigate options for storing and processing data in a local data center designed to meet the restrictions present in many the APAC’s most stringent privacy regimes.
About the Author