EN / 

2 minute read 20 Aug 2021
IT devices security

Hong Kong Companies Registry’s new inspection regime and personal data protection

Authors
Rossana Chu

Managing Partner

Direct: +852 2629 1768 | Mobile: +852 9733 6010 | rossana.chu@eylaw.com.hk

Jacky Chan

Associate

Direct: +852 2675 2167 | Mobile: +852 9359 1116 | jacky-ch.chan@eylaw.com.hk

2 minute read 20 Aug 2021

Show resources

  • Hong Kong Companies Registry’s new inspection regime and personal data protection (pdf)

    Download 275 KB

To better protect personal data of directors and relevant individuals on the Companies Registry, the Government of the Hong Kong Special Administrative Region (HKSAR) has broadly discussed and publicized its proposal to implement a new inspection regime which will come into operation by phases starting later this year.  In this article, we will discuss the proposed changes, the proposed implementation timeline as well as the issues which companies should consider when the new regime comes into effect. 

The New Inspection Regime

The proposed new inspection regime focuses mainly on the removal of unrestricted public access to obtain the residential addresses and full identification numbers (“Protected Information”) of individual company officers filed with the Companies Registry. Accordingly, only correspondence addresses (but not residential addresses) of directors and partial identification numbers of directors, company secretaries, and other relevant individuals will be made available to the public. The above changes shall apply to documents filed after the commencement of the new inspection regime.

The Protected Information of those individuals will only be made accessible, upon application to the Companies Registry, to different groups of authorities or persons as specified in the subsidiary legislation, such as shareholders of a company, public officers or public bodies (including law enforcement agencies), trustees in bankruptcy, liquidators, and inspectors under the Trustee Ordinance, the Companies Ordinance and the Anti-Money Laundering and Counter-Terrorist Financing Ordinance. Nevertheless, disclosure of Protected Information by the Companies Registry is permissible with an order of the Court.

Further, individuals whose Protected Information are contained in documents filed with the Companies Registry before the commencement of the new inspection regime can apply to the Companies Registry to withhold such material from public inspection. Also, the company may withhold the Protected Information contained in its own documents (e.g. its internal records and registers) from public inspection.

Historically, the above safeguards were put forward when the Companies Ordinance was being re-written years ago. However, due to opposing views expressed by relevant stakeholders at the time, those safeguards were not brought into operation in 2014 when the new Companies Ordinance took effect.

Timeline of the New Inspection Regime

According to the proposed schedule of the Government of HKSAR, and subject to the enactment of the relevant subsidiary legislation, the new inspection regime will be implemented as follows:

Phases Implementation date Amendments
1. 23 August 2021  Companies may withhold the Protected Information of directors and company secretaries that are contained in their own documents (e.g. its internal records and registers) from public inspection. 
2. 24 October 2022  The Companies Registry will withhold from public inspection the Protected Information of directors, company secretaries, etc. which are contained in all the documents filed with the Companies Registry for registration.
3. 27 December 2023 The individuals concerned may apply to the Companies Registry for withholding from public inspection their respective Protected Information contained in the documents already filed with the Companies Registry prior to 24 October 2022.

Key takeaways for companies

In recent years, there has been rising concerns over whether personal data contained in public registers are adequately safeguarded, especially in light of increased reported cases of doxing and personal data misuse. To tackle this problem, the Government of HKSAR including the Constitutional and Mainland Affairs Bureau are committed to combating doxing in Hong Kong by introducing the Personal Data (Privacy) (Amendment) Bill 2021 that aims to combat doxing acts that are intrusive to data privacy.

To compliment the government’s efforts, companies should implement the necessary internal processes to withhold Protected Information of their officers contained in their own documents from public inspection to avoid potential misuse of personal data.

In light of the above developments, the new inspection regime has struck a balance between public access to the necessary information to ascertain the identities of companies’ officers and protecting data privacy. Going forward, companies should ensure they are in compliance with the latest regulatory requirements, and more importantly, be equipped to tackle potential risks such as fraud and doxing arising from unauthorized access to personal data.

Show resources

  • Download Hong Kong Companies Registry’s new inspection regime and personal data protection (pdf)

Summary

To better protect personal data of directors and relevant individuals on the Companies Registry, the Government has broadly discussed and publicized its proposal to implement a new inspection regime which will come into operation by phases starting later this year. 

About this article

Authors
Rossana Chu

Managing Partner

Direct: +852 2629 1768 | Mobile: +852 9733 6010 | rossana.chu@eylaw.com.hk

Jacky Chan

Associate

Direct: +852 2675 2167 | Mobile: +852 9359 1116 | jacky-ch.chan@eylaw.com.hk