On June 5, 2023, the Office of the Privacy Commissioner for Personal Data of Hong Kong (Commission) issued a press statement[1] announcing that it will commence compliance checks on all credit reference agencies (agencies) in Hong Kong.

These checks are to be carried out as a proactive measure by the Commission, arising from recent investigation findings and concerns raised by the community pertaining to the mishandling of borrowers’ credit data by the agencies.

The checks aim to ensure the protection of borrowers’ data privacy, and that there is adequate data security accorded to credit reference databases, in line with the requirements set forth in Hong Kong’s Personal Data (Privacy) Ordinance (Ordinance). The checks will, among other things, determine whether the security measures adopted by the agencies and the retention period applied to borrowers’ credit data comply with the Ordinance.

The statement also invites any person that suspects his or her credit data has been accessed inappropriately, or retained for longer than needed, to make an enquiry with the relevant agencies, or even to lodge a complaint with the Commission directly.


The proactiveness of the Commission in this context signals a marked commitment in Hong Kong toward safeguarding individuals’ data privacy. There has also been a noticeably high level of enforcement activity of late across Asia Pacific.

Should you require assistance or support, please contact the authors of this blog post or your relationship partner at the firm.

Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only, and is not intended to constitute or be relied upon as legal advice.

[1] https://www.pcpd.org.hk/english/news_events/media_statements/press_20230605.html