Abstract: Data protection, an important aspect of the right to privacy, ensures that information about people is used fairly and properly. Among the regulatory measures that have been adopted to safeguard personal data is the requirement that individuals affected by a data breach be informed promptly, enabling them to act quickly and effectively to protect themselves from harm. At the same time, the existence of a duty to notify individuals affected by a data breach incentivises data users to adopt robust measures against data breaches. Many jurisdictions adopt a mandatory data breach notification system; this article examines the two leading notification models, the United States and EU models. It takes Hong Kong as a case study, where there is only a voluntary system of notifying the Privacy Commissioner of any data breach in certain specified circumstances. It evaluates the operation of Hong Kong’s voluntary notification system and examines the current moves towards adopting a mandatory notification system. It examines justifications for mandatory notification and how the notification mechanism works, and concludes that mandatory notification is an indispensable element of an effective regulatory system.
Keywords: Data breaches; data breach response plan; data protection principles; General Data Protection Regulation (EU); mandatory notification of data breach; Personal Data Protection Ordinance (HK); unauthorized access to personal information; US law and policy on notification
JICL welcomes full-length articles (generally not exceeding 13,000 words inclusive of footnotes), shorter contributions in the form of notes and comments (generally not exceeding 8,000 words inclusive of footnotes) and book review articles of not more than 6,000 words.
We accept contributions for consideration on an exclusive submission basis. When submitting an article please certify that it is an unpublished article (that is, it has not been previously published in substantially similar form or with substantially similar content) and that it is not under consideration by any other journal.
To facilitate anonymous review, please give the names of authors and their short biographical information and acknowledgments on a separate page.
Authors retain copyright in the words used, but upon submission of material for publication, grant Sweet & Maxwell a licence to publish the submission in print and/or digital formats. Sweet & Maxwell retains copyright in the design, format and layout of all material published in JICL.
Once submissions are published, authors are entitled to one copy of the issue, 10 offprint copies and a PDF version of the submission.
Authors who send articles published in JICL to other publishers or media must include a reference to the publication of the article by JICL and Sweet & Maxwell.
Contributions and book reviews should be submitted in Microsoft Word format by way of email attachment to Professor Anton Cooray at Anton.cooray.1@city.ac.uk.
Authors should follow the OSCOLA citation system (http://www.law.ox.ac.uk/publications/oscola.php), except that we prefer authors to use indenting sparingly.
JICL uses the following heading levels: Main headings are in bold and preceded by a Roman numeral; second-level headings are in bold and italics and preceded by an uppercase letter; third-level headings are preceded by an Arabic numeral; and fourth-level headings are in italics and preceded by a lowercase letter.