What happened: Hong Kong flag carrier Cathay Pacific and a regional subsidiary have disclosed that over nine million of their passengers had their personal data compromised in March. The breach involved data from travelers on the carrier as well as Hong Kong Dragon Airlines. Compromised information includes passengers’ names, nationalities, dates of birth, phone numbers, emails, physical addresses, passport numbers, and ID card numbers.
Why it’s important: While Hong Kong has no requirements for reporting data breaches, the EU’s General Data Protection Regulation regulations state that incidents like these should be reported within 72 hours. Failure to do so could result in fines of up to 4% of the responsible company’s annual income. Hong Kong privacy chief Stephen Wong Kai-yi slammed the company saying it hadn’t fulfilled its moral responsibility. He said that in light of recent events, he would be looking into amending the rules to ensure quicker reporting of incidents like these.