Govt mulling new law to enhance critical infrastructure computer systems protection

The Security Bureau seeks to make critical infrastructure operators responsible for securing their Critical Computer Systems (CCSs) and plugging potential security loopholes to prevent personal data and business information from leaking.

The proposal would apply to the eight sectors of essential services: energy; information technology; banking and financial services; land transport; air transport; maritime; healthcare services; and communications and broadcasting.

Critical infrastructure operators (CIOs) have to formulate and implement a computer system security management plan and submit it to the newly established Commissioner’s Office, which will implement the legislation proposed by the Security Bureau on strengthening critical infrastructure computer systems protection.

CIOs that fail to formulate and implement a computer system security management plan, or that have not conducted a system security risk assessment according to the standard, face a maximum fine of HK$5,000,000.

The penalties under the proposed legislation will only include fines, while additional daily fines for persistent non-compliance will be imposed for certain offences.