Review and public consultation on cybersecurity law in 2022

Review and public consultation on cybersecurity law in 2022


In this instant legal update, we report that on May 25, 2022, in a written response from Mr. Alfred Sit, Secretary of Innovation and Technology, to questions from the Legislative Council on cybersecurity standards in Hong Kong, Mr. Sit confirmed that the Hong Kong Government is considering legislation to clearly define the cybersecurity obligations of critical infrastructure operators in Hong Kong.

This has been foreshadowed since the director general’s 2021 political direction. The political leadership noted that, together with management in various countries and regions, the Hong Kong government will promote the establishment of a management system by critical information infrastructure operators (“IIC operators”). for the safe operation of these information systems and networks. This would be combined with preparatory work for the enactment of cybersecurity legislation, with the aim of strengthening the cybersecurity of critical information infrastructures in Hong Kong by clearly delineating cybersecurity obligations for operators.

This policy statement was repeated at the briefing of the Legislative Council on Information Security of the Office of the Head of Government (OGCIO) at the Panel on Information Technology and Broadcasting. In its final statements on the way forward for information security in Hong Kong, the OGCIO stated that it would support the Security Office in its preparatory work for the enactment of cybersecurity legislation to define clearly the cybersecurity responsibilities of IIC operators and strengthen the protection of the operation and data of Hong Kong’s network systems and critical infrastructure information systems.

The key additional points in the response of the Secretariat of Innovation and Technology on May 25, 2022 are:

  • Legislation was needed to complement the cybersecurity guidelines and requirements imposed by individual regulatory authorities, as Hong Kong has no specific legal requirements on the cybersecurity of critical information infrastructures.
  • Legislative proposals will take into account the cybersecurity standards adopted by other jurisdictions around the world.
  • Most importantly, a public consultation would begin before the end of 2022.

Overall, a unified approach to cybersecurity in Hong Kong is a welcome development. As with any legislative change, the devil will be in the detail. The details that will define the political effect and the direction of the proposed laws will be:

  • the proposed scope of terms such as CII operators.
  • any proposed restrictions on the transfer outside Hong Kong of data collected or generated by IIC operators.
  • whether network operators will be included within the scope of the regulation and, if so, the proposed scope applied to that term.
  • the proposed authority designated as the competent authority for supervision and enforcement.

This is a political initiative mainly under the powers of the Security Office.

The full question and answer from the Secretariat for Innovation and Technology on the review of the proposal and the public consultation on cybersecurity is available here.



Source link

Related post

Q&A: Bold Schools Can Use Technology to Serve Pedagogy

Q&A: Bold Schools Can Use Technology to Serve Pedagogy

The word “bold,” as I use it, is just a mash-up of the words “mixed” and “old,” as a reminder that…
HCL Group acquires majority stake in vernacular edtech platform GUVI

HCL Group acquires majority stake in vernacular edtech platform…

IT firm HCL Group has acquired a majority stake in vernacular edtech platform GUVI that offers technical courses, the company said…
NIT Srinagar’s Torus club organises model quiz

NIT Srinagar’s Torus club organises model quiz

Torus club of NIT Srinagar is organizing a modeling competition Posted on Friday, January 7, 2022 Srinagar, January 06: Torus-design thinking…

Leave a Reply

Your email address will not be published.