Skip to content
Hong Kong has introduced new guidelines to help businesses formulate policies on the use of generative Artificial Intelligence in the workplace. These guidelines, while not legally binding, are designed to align with the city’s existing Personal Data (Privacy) Ordinance (PDO) and reinforce data privacy standards supervised by the Privacy Commissioner for Personal Data (PCPD). The PDO applies to both the private and public sectors, regulating all aspects of personal data handling involving information that can identify a living individual.
The guidelines present a structured checklist for responsible generative Artificial Intelligence adoption. Key recommendations include clearly defining the permissible use of generative Artificial Intelligence platforms, providing detailed policies to employees, and ensuring robust protection of personal data privacy. Employers are urged to set instructions for data input, storage, and retention, as well as implement lawful and ethical use protocols to prevent bias and discrimination. Companies should also enforce data security measures, such as strong credentials, controlled device access, and mandatory reporting of Artificial Intelligence incidents, in addition to establishing an incident response plan.
Additional guidance focuses on transparency, continuous employee training, the creation of support teams for technical assistance, and mechanisms for employee feedback. Although these guidelines are advisory, noncompliance with key data privacy rules under the PDO could lead to severe penalties, including substantial fines and imprisonment. The article encourages employers with Hong Kong operations to follow a six-step action plan: review and update Artificial Intelligence policies, enhance security and response frameworks, educate employees on data handling, ensure company-wide training on Artificial Intelligence use and policies, appoint knowledgeable support teams, and establish safe feedback channels. By aligning corporate practices with the new guidelines and the PDO, organizations can minimize legal risks and foster responsible, secure deployment of generative Artificial Intelligence technologies in the workplace.
