ARTICLE
9 May 2025

HR's Data Strategy: Implementing Gen AI Guidelines In Hong Kong

LS
Lewis Silkin

Contributor

Lewis Silkin logo
We have two things at our core: people – both ours and yours - and a focus on creativity, technology and innovation. Whether you are a fast growth start up or a large multinational business, we help you realise the potential in your people and navigate your strategic HR and legal issues, both nationally and internationally. Our award-winning employment team is one of the largest in the UK, with dedicated specialists in all areas of employment law and a track record of leading precedent setting cases on issues of the day. The team’s breadth of expertise is unrivalled and includes HR consultants as well as experts across specialisms including employment, immigration, data, tax and reward, health and safety, reputation management, dispute resolution, corporate and workplace environment.
Explore Firm Details
The Privacy Commissioner for Personal Data (PCPD) recently published a Checklist on Guidelines for the Use of Generative AI by Employees.
Hong Kong Technology
Catherine Leung and Vanessa Ip
Your Author LinkedIn Connections

The Privacy Commissioner for Personal Data (PCPD) recently published a Checklist on Guidelines for the Use of Generative AI by Employees.

The aim of the Guidelines is to assist employers in developing internal policies on employee usage of Gen AI that align with Hong Kong's personal data and privacy laws.

A representative of the PCPD said the Guidelines "can help organisations and their employees use generative AI safely and protect personal data privacy, thereby fostering the safe application of AI across different sectors ...".

The Guidelines were issued off the back of recent findings by the PCPD revealing that less than 30 per cent of Hong Kong organisations currently have Gen AI policies in place. The Guidelines emphasise the importance of data security and the lawful and ethical use of Gen AI tools in the workplace.

When drafting internal AI policies, it is recommended that organisations carefully consider and set out the following:

  • the scope of permitted Gen AI use (i.e. permitted Gen AI tools and the permissible purposes of use);
  • measures to protect personal data (e.g. data input considerations, permissible uses of output data, data retention policies etc.);
  • duty of employees not to use Gen AI tools for unlawful or harmful activities, and to verify / credit AI-generated content (e.g. fact check, watermark or label AI-generated outputs etc.);
  • data security measures (e.g. specify who may access Gen AI tools and the types of devices on which employees are permitted to access Gen AI tools; maintain stringent security settings on Gen AI tools; clear reporting channels and procedures in the event of data breach etc.); and
  • consequences and procedures in the event an employee violates the company's Gen AI policies.

The Guidelines also recommend that employers regularly communicate policies and guidelines to employees, and provide regular training on how to use Gen AI tools effectively and responsibly. Employers should establish dedicated support teams and feedback mechanisms in order to effectively implement AI systems and policies while safeguarding the personal data privacy of individuals.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Catherine Leung
Catherine Leung
Photo of Vanessa Ip
Vanessa Ip
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More