Data Privacy & Security

Our Approach to Data Security

Steered by the senior management team, our approach to data security is reviewed and updated regularly with the goal of ensuring that our daily operations are in line with industry best practices.

Across HKBN, we stringently operate with data security & privacy policies that cover data security, cyber incident response policy, data classification, and data retention & destruction.

Responsibly Handling Customer Data

At HKBN, all confidential and sensitive information are encrypted with passwords or crypto keys, and can only be accessed by authorised personnel.

We’re open and honest on how customer data is managed, and communicate this through the publicly available Personal Data & Privacy Statement (PPS), the Personal Information Collection Statement, and related clauses that are described in our service agreements. Third party service providers are under an agreement of confidentiality and are contractually bound to use a customer’s personal data solely in connection with the purposes specified in the PPS.

Additionally, we responsibly retain and destroy collected data. For example, we do not store full credit card numbers; only 10 digits (out of the full 16 digits) of customer credit card numbers are stored, and we practice ‘tokenisation’ when processing credit card payments. Moreover, each customer’s Hong Kong Identity Card (HKID) number is only partially visible via our front-line system. To protect customer privacy, we also have a dedicated Data Protection Officer and a Personal Data Privacy Officer who ensure that personal data privacy and strict confidentiality are maintained.

How We Respond to Cyber Attacks

Our Cyber Incident Response Policy provides us with clear guidance on the handling of security incidents throughout the stages of identification, containment, recovery, reporting and post-incident evaluation. We employ cybersecurity tools and systems which continuously monitor and identify potential security incidents/breaches.

Whenever an incident is identified, we report it to our Audit & Risk team and our Board, and take immediate action to contain, investigate, and resolve. Two internal teams are authorised to handle cyber incidents, with our Cyber Incident Management team responsible for overseeing the entire response process and making critical decisions, while our Cyber Incident Response team is responsible for the handling of cyber incidents. We also commit to inform affected customers in a timely manner of any data breaches identified.

Security Awareness Inside HKBN

Cyber attacks are happening – all day, every day. And while we have some of the best cybersecurity tools and systems to keep our data and customer information safe from cyber threats – for context, over 3 billion phishing emails are sent worldwide everyday – the role of our Talents more critical than ever. Above all, the best defense against ransomware attacks is awareness.    

Mindful of the real dangers, we require all new joiners to complete training programmes which include mandatory learning about data security and customer privacy. Throughout the year, we provide all Talents with an extensive regimen of data security exposure, including monthly 5-minute videos to raise awareness about key cybersecurity threats, impromptu phishing email assessments, best practice training modules (covering topics like data classification, password creation and software security), and much more.  

Cybersecurity for Residential & Enterprise Customers

As a leading ICT company, we have the expertise to help customers – at home and in the business environment – stay protected in an interconnected digital world.

As cyber threats and attacks continue to rise, we offer services to equip residential customers and their family members with the monitoring and security tools to keep their data and devices safe from hackers. For enterprise customers, our full suite of cybersecurity solutions include cloud-delivered security protection starting at the DNS level, managed security services, 24/7 network & gateway security monitoring, endpoint security for devices and a lot more.