Articles by Practice Area
It was all smiles on Saturday at the annual Action Asia Kayak 'n' Run event with many children from Hong Chi Winifred Mary Cheung Morninghope School being excited to be taken out on a kayak course with experienced instructors for short little races around Deep Water Bay. They all thoroughly enjoyed the outdoor experience and the rare taste of nature, before enjoying lunch at a nearby restaurant. OLN has supported Action Asia for many years and thank you to those that volunteered on the day.
You might not have paid recent attention to the privacy rules in Hong Kong. That is unless of course you have been served with an enforcement notice by the Hong Kong Privacy Commissioner for Personal Data (the “Commissioner”), or you have failed to comply with such an enforcement notice. Section 50B of the Personal Data (Privacy) Ordinance (“PDPO”) came into force on 1 October 2012, but it seems that the Hong Kong Police and Courts have only recently started to take this section seriously.
The PDPO came into force in 1996, but it was only in 2014, the first individual received a jail sentence for breach of section 50B(1)(c)(i) of PDPO. That was as a result of making a false statement to the Commissioner.
30th June 2017, was the first time that a company director was convicted his offence being the failure to comply with a lawful requirement of the Commissioner in breaching section 50B(1)(b) of PDPO.
In that case, a complaint was lodged with the Commissioner’s office against an employment agency in which had allegedly transferred personal data to a third party, without consent, while the employment agency was assisting the complainant in recruiting a foreign domestic helper.
Despite repeated written and telephone requests for the information needed to enable there to a proper investigation of the complaint, the employment agency failed to respond.
The sole director of the employment agency even ignored a Summons issued by the Commissioner under section 44 of PDPO requiring him to attend at a specified date and time for examination. The case was then referred by the Commissioner’s office to the Hong Kong Police, which then led to the prosecution.
Both those decisions show that the Commissioner is recommending more cases for prosecution.
Indeed, the Commissioner has recently stated ‘The conviction serves as a strong deterrent to remind all organisations and individuals to abide by the law and treat personal data privacy seriously.’
Apart from noting the importance of compliance with lawful requirement of the Commissioner, one should also be reminded that full co-operation is crucial, as any obstruction, hinderance or resistance, without lawful excuse, to the Commissioner or a prescribed officer in performing their functions may also result in a conviction, and in imprisonment (section 50B(1)(a) of PDPO).
OLN’s Digital Business Group regularly advises clients on the impact of data privacy legislation in Hong Kong.
Wang Chau, a little known rural area in Yuen Long, enclaved by industrial and residential estates, came under the wrong side of the spotlight in the latter part of 2016 concerning a public housing project to be built there. A can of worms was opened when allegations were made against the government for colluding with business interests, rural leaders and triads about the planned development of public housing in Wang Chau.
The controversy endures as it was later revealed that the consultant to the winning tenderer of Wang Chau project, Ove Arup & Partner (“Arup”), had allegedly breached its confidentiality agreement with the government by quoting insider information obtained from the government in its consultancy report to the tenderer.
Politics aside, the Wang Chau saga leads one to ponder what constitutes “confidential information” and what general exceptions would apply.
Confidentiality between consultancy firms and its clients
The relationship between a consultancy firm and its clients is primarily contractual, which is outlined in the retainer and/or service agreement between the parties. In a plain vanilla scenario, the law is rather straight-forward: a piece of information is confidential when it is defined so, whether loosely or strictly, in the agreement.
Apart from the express terms in the retainer, there are also circumstances which establish an implied contract of confidentiality. For instance, if a company engages a consultancy firm and divulges its trade secret to the firm in the process, there is an implied contract of confidentiality between the company and the consultancy firm due to a reasonable expectation that the information will only be shared with individuals which the company authorizes. A similar obligation also arises in equity under the broad principle that he who has received information in confidence must not take unfair advantage of it.1
There were also instances where the court has held that parties under a fiduciary position, due to a “special relationship of trust and confidence”2, have a duty to uphold confidentiality.
Drafting a proper non-disclosure agreement is not an easy task. All too often confidentiality clauses are overly broad and fail to specify in a meaningful way what exactly constitutes confidential information within the scope of the agreement in question.
The parties ought to negotiate the confidentiality clauses properly, using clear technical terms and practical legal terms. Customization is also crucial to fit the targeted users. For instances, information such as source code, algorithms, and design documents are paramount in software consultancy, while internal financial affairs are paramount in business consultancy. A well-drafted disclaimer could also serve as sufficient warning for anyone using the data.
Treatment of Confidential Information
When we say information is confidential, it may only be shared after authorization is provided and only be restricted to the authorized individuals. Most non-disclosure agreements, whether express or implied, remain in effect indefinitely. In common law, there are generally two recognized exceptions:-
1. If the law requires you to disclose confidential information
2. If the information is accessible in the public domain anyway
Practically speaking, sometimes the loophole might be on employees who fail to appreciate confidentiality. While the law does not require a consultancy firm to implement a Chinese wall, it may be wise for a consultancy firm, while dealing with entities with voluminous confidential data, to set up information barriers to avoid negligent staff from inadvertently disclosing confidential information.
For advice and drafting in respect of your non-disclosure agreements and confidentiality clauses as well as personal data (privacy) guidance, email your OLN partner contact, Ms. Anna Chan.
 See Seager v Copydex Ltd  2 All ER 415
 See Woods v Martins Bank Ltd  1 QB 55
Scherzade Burden - Foreign Qualified Lawyer
The recent corruption scandal in China over multinational pharmaceutical companies giving bribes to doctors to encourage them to use their brand’s medicines has been widely reported by the media.
At the centre of the scandal is British pharmaceutical giant, Glaxo Smithkline. Glaxo stand accused of paying bribes of around $500 million to doctors, such bribes paid in the form of travel, entertainment, sexual favours and cash over six years. It is believed that whistleblowers at Glaxo handed documents over to Chinese agencies after they had been dismissed from their respective positions at the company.
These probes, not just of Glaxo but of numerous pharmaceutical companies in China, have brought the issue of compliance and corruption to the fore. The general public are concerned about what is being called the “network of corruption” in China.
Some of the most serious damage done to these pharmaceutical companies is not the social perception of them and the public’s newfound distrust of the industry, but the serious financial implications for companies that are found to be carrying out corrupt practices and not complying with the rules and regulations of their jurisdiction. Glaxo has had to cut back on all of its marketing activity in China. Some of the other multinational pharmaceutical companies have told their sales representatives to stay at home or take annual leave because business has been so bad.
Furthermore, breach of compliance and corruption legislation is punishable not only by fine but also by imprisonment, as breach is a criminal, not a civil offence.
It should not, therefore, be difficult to persuade anyone in business that having a robust anti-corruption compliance programme in place is essential for consumer confidence, to prevent scandals and ensure there are no adverse financial implications.
If you do want to tune up compliance in your business then ensure first of all that those at the top of your organisation buy in to the programme. It is important that the leaders of the business follow the regime strictly, are seen to be complying and lead from the front. That way, employees will learn that non-compliance will not be acceptable to the leadership.
It is also important to then ensure that the compliance programme is embedded in the HR department so when new employees join the company they are given at the outset a clear internal policy as to their duties and obligations both under the law and according to the company’s standards.
Understanding the risks associated with non-compliance and of corruptive practices is vital. You cannot design an effective anti-corruption compliance programme without knowing and understanding what adverse consequences exist. If you are unsure that you know all the risks and/or unsure you understand them then seek advice from a professional. Acting pre-emptively and investing in advice could potentially save millions of dollars in the long run.
Finally, controls should be in place so that if your business is accused of corruptive practices or non-compliance then you have the necessary infrastructure in place to act quickly to ensure effective crisis management. Having a good IT support structure and reporting system should comprise part of this infrastructure.
The consequences of non-compliance and corruption are too severe and financially risky to your business to not take action if action is needed. Don’t be the next Glaxo Smithkline.
Oldham Li & Nie would like to thank Miang Lee of Kroll Advisory for the informative talk “Tuning up your anti-corruption compliance programme” at the lunch and learn on 5th December 2013.
This article is for information purposes only. Its contents do not constitute legal advice and readers should not regard this article as a substitute for detailed advice in individual instances.