Legal Services

Privacy & Confidentiality

Hong Kong’s data protection and privacy laws are primarily governed by the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), which sets out six key principles for handling personal data. These principles cover lawful collection, accuracy, proper use, security safeguards, transparency, and individuals’ rights to access and correct their data.

The Office of the Privacy Commissioner (PCPD) enforces the PDPO, investigates breaches, and can impose fines or criminal penalties for violations, particularly in cases like unauthorized direct marketing or data leaks.

Our firm provides legal services to help businesses comply with data privacy laws. We assist with compliance audits, privacy policies, breach response, and regulatory investigations, ensuring adherence to the PDPO.

Explore What We Do

Compliance & Regulatory Advisory

  • Advising businesses on PDPO

  • Drafting privacy policies, data collection notices, and consent forms

Rights of data subjects

  • Advising data subjects of their rights under PDPO

  • Issuing demand letters to access and correct personal data kept by a data user or to opt out of direct marketing

Breaches of privacy laws

  • Advising on and handling breaches or alleged breaches of the PDPO

  • Negotiating settlements

  • Commencing or defending legal actions breaches or threatened breaches of the PDPO