Skip to content

Media Statements

Media Statement

Date: 13 January 2022

Working from Home: Privacy Commissioner Recommends 9 Tips to Safeguard Personal Data

Owing to the recent situation of the COVID-19 pandemic, some organisations may implement work-from-home (WFH) arrangements. The Government also announced that face-to-face classes and all on-campus activities of primary schools and kindergartens in Hong Kong will be suspended on or before this Friday (14th January) until after the Chinese New Year holidays.
The Privacy Commissioner for Personal Data, Ms Ada CHUNG Lai-ling, said, “Since the pandemic, a number of organisations and schools have experiences in implementing WFH arrangements or online learning. Nevertheless, the transfer of electronic or physical data in such arrangements inevitably leads to a higher risk of data breaches. In addition, cybersecurity threats, such as hacking and malware, remain an issue. I therefore appeal to organisations and schools to be vigilant and pay special attention to and ensure data security when implementing WFH arrangements or online learning. They should provide adequate guidance and support to their employees, teachers or students, in order to reduce the risks of breaches of personal data privacy.”
In this connection, the Office of the Privacy Commissioner for Personal Data (PCPD) offers 9 tips for organisations, employees and users of video conferencing software (including teachers and students) to safeguard their personal data:
  • assess the risks to data security and personal data privacy relating to WFH arrangements in order to devise appropriate protection measures;
  • ensure the security of the data stored in the electronic devices provided to employees, including the adoption of appropriate security settings for virtual private networks (VPNs); and
  • provide sufficient data security training and support to employees for WFH arrangements, including password management, encryption of data, etc.
  • adhere to employers’ policies on the handling of data, such as using only corporate electronic devices and email accounts for work;
  • ensure the security of Wi-Fi connections at home, such as updating the firmware of the Wi-Fi routers in a timely manner, and avoid using public Wi-Fi for work; and
  • if it is necessary to bring paper documents out of office premises, ensure the proper handling of data to avoid loss. 
Users of video conferencing software (including teachers and students)
  • choose the appropriate video conferencing software, such as the ones with end-to-end encryption;
  • safeguard their user accounts by setting up strong passwords, changing the passwords regularly and activating multi-factor authentication; and
  • validate participants’ identities before allowing them to join the video conferences, and avoid sharing personal data or sensitive data during the conferences and in chatboxes.
For details of the practical advice, please refer to the three Guidance Notes published by the PCPD earlier, which is available at To enhance the public’s understanding of the relevant data security measures, the PCPD has also published a leaflet entitled “Protecting Personal Data under Work-from-Home Arrangements”:

“Protecting Personal Data under Work-from-Home Arrangements” leaflet published by the PCPD for public reference