The adoption of artificial intelligence (AI) is transforming the business landscape, enabling enterprises across finance, healthcare, retail, and technology to enhance operational efficiency and deliver tailored services. Processing sensitive personal data, such as health records and biometric identifiers, offers significant opportunities for innovation. Yet, these technological advancements also raise concerns about privacy and data security. These advancements are subject to stringent oversight under Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (PDPO). Non-compliance with the PDPO may result in financial penalties, legal liabilities, and reputational damage. The Office of the Privacy Commissioner for Personal Data (PCPD) issued the Artificial Intelligence: Model Personal Data Protection Framework (AI Framework) in 2024 to guide organizations in managing privacy risks associated with AI. Understanding the PDPO, the AI Framework, regulatory risks of processing sensitive data, compliance strategies, and the evolving regulatory landscape is crucial for business operators in Hong Kong.

Health Data and Biometrics in AI Regulatory Risks for Hong Kong Enterprises_en