Adrian Warr
Jan 30, 2020

As HK examines privacy laws, businesses should begin preparing

With Hong Kong proposing to overhaul its privacy laws, and trust in technology low, it's time for businesses to get their crisis communications ducks in a row.

As HK examines privacy laws, businesses should begin preparing

The Hong Kong Government has just taken a major step in ensuring that companies do more to protect all data under their control. Hong Kong’s proposed new data privacy laws could instruct companies to notify the government of a data breach within five days or face the prospect of a HK$178 million fine (US$22.9 million), or 4% of global turnover. If passed, this would bring Hong Kong more in line with European GDPR requirements.

Edelman has been measuring stakeholder trust linked to issues such as privacy for many years via its Trust Barometer, which has shown the importance people place on the protection of their personal data. This week’s Risk Barometer Report from Allianz and the chatter dominating Davos 2020 also further highlight the intensified focus on data security and privacy issues, which have placed cybersecurity as the number one risk factor facing businesses around the world today.

If passed, the stricter data privacy proposals would dramatically impact how companies in Hong Kong manage their data and the ever-present risk from data breaches. However, few businesses here, or for that matter globally, are in a position to live up to these new requirements while also ensuring the protection of their brand and reputation.

The newly proposed regulation puts companies headquartered or operating in Hong Kong at the cutting edge of this issue, and demands they devise a clear communications process before they have all the facts in place in the event of a cyber-attack.

Former executive chairman and CEO of Cisco Systems, John Chambers, noted that there are two types of companies today—those which have been hacked, and those which don’t know they have been hacked. Unless companies have made thorough advance plans, five days is an improbable timeline to allow for a response that does not risk serious reputational damage.

This is not a communications challenge that can be addressed overnight or even within the mandated five-day window. All scenarios and protocols must be anticipated and put in place months in advance if a company is going to meet these new legal requirements as well as meet its responsibilities to its stakeholders.

Ahead of any breach, it is vital that the internal legal, IT, and communications departments take part in extensive planning across all parts of the company. Crucially, company leadership must immediately be activated to lead a massive customer, employee and corporate stakeholder communications effort in order to retain trust from multiple audiences while meeting the proposed compliance obligations required within the five-day timeframe.

These are not actions that can be left to the last minute. A well-planned and coordinated communications process must be ready to report the incident, the results of any initial investigation, impact on stakeholders and to begin remediation from the get-go. They must do this while also working to retain reputational capital and brand trust.

Edelman’s Trust Barometer has found widespread public mistrust of technology, the sector that has, in previous years, consistently been the most trusted of all business sectors. Six in 10 of the global population now say the pace of change in technology is too fast, and the same number (61%) believe governments don’t understand emerging technologies enough to effectively regulate them.

Hong Kong’s proposed update of data protection laws has raised the stakes for preparedness, but in order to maintain trust levels this competence must also be accompanied within an ethical framework that is driven from the top. Without these two distinct considerations (which define competence as “getting things done” and ethical behavior as “doing the right thing and working to improve society”), trust for an organisation is limited.

A data breach is essentially a breach of customer trust, but if companies can prepare for the worst, they can protect themselves now rather than face a series of fines, fees and a lifetime of diminished trust in their brand and reputation.


Adrian Warr is the CEO of Edelman Hong Kong and Taiwan, Market Growth Thailand.

Source:
Campaign Asia

Related Articles

Just Published

22 hours ago

Generation Greytt: The trillion-dollar market that ...

Armed with unprecedented pocket power and digital savvy, the over-50s are redefining what it means to age. Yet businesses remain fixated on youth, overlooking a demographic that's more adventurous, connected and ready to spend than ever before. Rajeev Lochan opines.

23 hours ago

TBWA dominates in Japan/Korea AOY 2024 awards

Accenture Song and TBWA walked home with multiple metals at the 2024 Campaign Asia-Pacific Agency of the Year awards for Japan and Korea. Check out the highlights here.

1 day ago

Hong Kong's unique spirit: A 'Never Normal' love ...

Forget dim sums and skyscrapers, over 40 brands and influencers from Hong Kong join forces to embrace the city's chaotic charm, eclectic character, and resilient spirit in an unconventional campaign.

1 day ago

Global ad spend to hit $1.08 trillion in 2024 as ...

WARC's latest study also reveals tech giants' intensifying dominance of global ad spend and social media leading unprecedented growth—but regulatory headwinds still threaten to reshape this burgeoning landscape.