Hong Kong: Protecting personal information of your company directors and secretaries

19 Aug 2021    4 minute read
Companies Ordinance Hong Kong-Registered Companies Personal Information Data Privacy Hong Kong New Inspection Regime Protected Information DT Featured Content

In brief

Until now, any member of the public can obtain through a standard company search information regarding the residential addresses and personal identification numbers of directors and company secretaries of Hong Kong-registered companies on the register of the Companies Registry ("Register"). In light of the growing concern about the availability and use of personal information, an inspection regime to protect such personal information was included in the new Companies Ordinance (Cap 622) ("CO”). However, the inspection regime did not come into full effect when the CO was implemented in 2014. At that time, only the provisions regarding company secretaries providing correspondence addresses were implemented. The Hong Kong government has now approved to bring this regime into full effect in three stages from 2021 to 2023, allowing Hong Kong companies to limit disclosure to the public certain personal information of both their directors and secretaries.

Contents

  1. Key takeaways
    1. What does this mean for companies?
    2. What is Protected Information?
    3. What does this mean to the public?
  2. In more detail
    1. The remaining provisions of the new inspection regime to be implemented
    2. Commencement timetable

Key takeaways

What does this mean for companies?

With this new regime in full effect, companies can protect the Protected Information (as defined below) of their directors and secretaries. From 23 August 2021, companies can limit the disclosure of Protected Information through searches of their own registers. Companies, in conjunction with their directors and secretaries, are recommended to consider their approach regarding the disclosure of Protected Information and determine whether to implement systems to limit disclosure.

What is Protected Information?

"Protected Information" in relation to a Data Subject (as defined below) refers to (a) the usual residential address (“URA”) and (b) the full identification number (“IDN”) of that person that can be accessed by the public through public searches under current law.

What does this mean to the public?

Subject to the commencement timetable between 23 August 2021 and 27 December 2023:

(a)          The public is only able to access the correspondence address (“CA”) and partial IDN of a director on the Register to ascertain the identity of the director concerned.

(b)        Specified Persons (as defined below) will continue to have access to Protected Information to facilitate the performance of their functions without jeopardizing the need to ensure the robustness of the financial, commercial and corporate governance systems of Hong Kong, provided that the Specified Persons can confirm to the satisfaction of the Registrar that the Protected Information would only be used for the performance of their functions.

In more detail

The remaining provisions of the new inspection regime to be implemented

The government has taken the view that it is appropriate to implement the remaining provisions of the new inspection regime in light of the increased cases of personal data misuse in recent years. The implementation of the remaining provisions provides new protection to personal information contained in the Register.

The new inspection regime to be implemented provides the following:

  1. The Register will only make available for public inspection:
    1. CAs of directors in place of their URAs.
    2. Partial IDNs of directors, company secretaries and other relevant persons instead of their full IDNs.

A company may take the same approach for public inspection of its own register.

  1. The Companies Registry ("CR") may make available a director's URA if it is satisfied that an incorrect CA has been provided.
  2. To facilitate the conduct of some functions in relation to statutory procedures, law enforcement, and customer due diligence of financial and business transactions that may require disclosure of this information, the CR can disclose Protected Information of directors and others on the Register to Specified Persons. "Specified Persons" for the purposes of the new inspection regime include the following:
  • Data subject or a person authorized by the data subject (collectively, "Data Subject"), i.e. the director or secretary in question
  • A member of the company
  • A public officer of public body
  • A practicing solicitor of Hong Kong law or foreign law within the ambit of the Legal Practitioners Ordinance (Cap 159)
  • A practicing certified public accountant under the Professional Accountants Ordinance (Cap 50)
  • An authorized institution under the Banking Ordinance (Cap 155)
  • A financial institution and designated non-financial businesses and professions regulated under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap 615)
  • A person/organization appointed or provided under statute who needs to use Protected Information to execute their statutory functions

The disclosure will be made via an administrative mechanism to be put in place by the CR. Specified Persons will be required to make a statement as to their position and that the information will only be used for the specific purpose related to that position. A fee will be payable by certain categories of Specified Persons.

  1. The court may hand down an order, upon a successful application made by creditors or other parties with sufficient interest, for the disclosure by the CR of the Protected Information.

Commencement timetable

The new inspection regime will come into force in phases as follows:

Phase 1 From 23 August 2021

Companies may limit for public inspection on their own registers only CAs and partial IDNs of directors and secretaries.
Phase 2 From 24 October 2022

Protected Information on the Index of Directors on the Register will be replaced with CAs and partial IDNs for public inspection. Protected Information contained in documents filed for registration after commencement of this phase will not be provided for public inspection. Specified Persons may apply to access Protected Information. This applies to both Hong Kong-incorporated companies and registered non-Hong Kong companies.
Phase 3 From 27 December 2023

Any Data Subject may apply to the CR to disallow disclosure of their Protected Information contained in documents already filed with the CR before commencement of Phase 2 – which will be replaced with CA and partial IDN.

 

* * * * * 

For further information and to discuss what this development might mean for you and steps to be taken, please get in touch with our lawyers set out under the "Contact Information" or your usual Baker McKenzie contact. We are happy to advise on the actions to be taken in light of this new regime.

Contact Information
Tracy Wut
Partner
Hong Kong
tracy.wut@bakermckenzie.com
Liza Murray
Partner
Hong Kong
liza.murray@bakermckenzie.com
Jannie Mak
Manager
Hong Kong
jannie.mak@bakermckenzie.com

Copyright © 2024 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.