A new inspection regime is being implemented under the Hong Kong Companies Ordinance. This will provide additional safeguards relating to the personal data of directors and other relevant individuals that appear on the public records maintained by the Companies Registry (CR). The full inspection regime is being implemented in three phases, while Phase 1 and Phase 2 commenced on August 23, 2021 and October 24, 2022 respectively, Phase 3 will be implemented on December 27, 2023.
Understanding the background of the New Inspection Regime
Since early 2009, the Hong Kong government has extensively consulted and thereafter made amendments to the Companies Ordinance and the inspection regime. During that time, concerns were raised about the fraudulent use of personal information, specifically the public accessibility of usual residential addresses (URAs) and full identification numbers (IDNs) of directors and company secretaries.
The public's access to full IDNs and URAs (Protected Information) has resulted in recurring cases of fraud. The rise in "doxing" has further highlighted the misuse of personal data. There is growing concern in the community about the privacy of such information being available to the general public and the level of protection provided for personal data.
Following the implementation of the New Inspection Regime, all searchers, including the media, will still have access to director information, which will include a correspondence address as a substitute for the residential address, and partial IDN in respect of documents filed with the CR on or after October 24, 2022. Searchers can continue to easily locate the URAs and IDNs of relevant individual directors shown on documents filed before October 24, 2022, with the CR.
According to the current Companies Ordinance, directors are not allowed to use a PO box as their correspondence address, and their correspondence address must be effective for communication with the directors. If there is evidence that the service of documents at the relevant correspondence address of the director is not effective to bring them to the notice of the director, the CR may put the director's usual residential address on public record for public inspection.
The New Inspection Regime does not impede necessary access to Protected Information. Under certain situations, specified persons may search at the CR for the director's URA and full IDN, in addition to their correspondence address and partial identification available on the public records.
Implementation of the New Inspection Regime
|
Phase 1 |
Starting from August 23, 2021, companies may replace the URA of directors with their correspondence addresses and replace the full IDN of directors and company secretaries with their partial IDNs on their own registers for public inspection. |
|
Phase 2 |
From October 24, 2022, onwards, CR will withhold from public inspection the URA and full IDN of directors, company secretaries and liquidators, etc., which are contained in all the documents filed for registration. |
|
Phase 3 |
Starting from December 27, 2023, concerned individuals may apply to the CR for withholding from public inspection their respective URA and full IDN contained in documents already registered with the CR prior to October 24, 2022. |
Section 12(1) of the Companies (Residential Addresses and Identification Numbers) Regulation (the Regulation) provides for a list of "Specified Persons" to whom Protected Information may be disclosed to by the Registry on application under section 58(3) of the CO.
The 'Specified Persons' include:
- A data subject
- A person who is authorized in writing by a data subject to obtain the information
- A member of the company
- A liquidator
- A trustee in bankruptcy
- A public officer or public body
- A person specified in the Schedule to the Regulation
- A solicitor or foreign lawyer who practices law in a law firm
- A (practising) certified public accountant
- A financial institution or designated non-financial businesses and professions
|
|
Old Inspection Regime |
New Inspection Regime |
|
Disclosure of directors’ information |
URA and full IDN |
Correspondence address and partial IDN |
|
Disclosure of company secretaries’ information |
Full IDN |
Partial IDN |
|
Disclosure of other individuals’ information (including liquidators and provisional liquidators) |
Full IDN |
Partial IDN |
|
Information for public inspection |
Protected Information contained in documents registered with the CR before October 24, 2022, were all visible for public inspection. |
Protected Information contained in documents registered with the CR after October 24, 2022, are not provided for public inspection.
Individuals whose Protected Information is contained in documents registered with the CR before October 24, 2022, may apply to the CR for withholding such information from inspection in Phase 3. |
Addressing doxing and safeguarding personal information
In response to the pressing issues, the Hong Kong government has taken a decisive stance in combatting doxing and the misuse of personal information. By introducing the Personal Data (Privacy) Amendment Ordinance 2021, the government aims to effectively tackle violations of personal data privacy.
To align with the government's efforts, companies must establish robust internal procedures to safeguard personal details within their files, preventing unauthorized public access and the potential misuse of private information. It is crucial for companies to proactively adhere to the latest requirements and regulations and ensure full cooperation.
Furthermore, companies need to be vigilant and prepared for the risks associated with unauthorized access to personal information, such as fraud and doxing. By prioritizing these responsibilities, companies contribute to the collective effort of protecting individuals' privacy and maintaining a secure business environment.
How Tricor can help
As a leading provider of corporate services, Tricor offers a range of solutions to help directors and company secretaries of companies listed in Hong Kong and companies registered in Hong Kong to protect their personal information, including the submission of application to the CR for masking out of personal information and provision of a correspondence address.
Tricor understands the importance of data privacy and is committed to delivering customized solutions that meet the unique needs of our clients. Our services are designed to be accurate and efficient, ensuring that our clients' personal data is well-protected and secure.
By partnering with Tricor, clients can focus on their business objectives, knowing that their privacy needs are in good hands. Schedule your free consultation today: https://www.tricorglobal.com/new-inspection-regime.
Contact Us
For more information, please contact us at TricorInside@hk.tricorglobal.com.
