HKCNSA AI & Data Privacy Luncheon Successfully Held, Exploring Key Issues in Data Protection and Artificial Intelligence

On 25 March 2026, the Hong Kong China Network Security Association (HKCNSA) successfully held the AI & Data Privacy Luncheon at The Park Lane Hong Kong. The event brought together representatives from regulatory bodies, enterprises and technology providers to share insights on data protection issues arising from the rapid adoption of artificial intelligence (AI). The luncheon aimed to facilitate industry understanding of the relevant regulatory frameworks, data management practices and technological developments.

The event began with opening remarks by Mr. David Ip, Founding Chairman of HKCNSA. He noted that the use of AI systems within enterprises has become increasingly common, resulting in greater complexity and scale in data processing activities. In this context, organisations need a clearer understanding of AI‑related data management requirements in order to make appropriate arrangements within their operational processes.

This was followed by a keynote presentation by Ms. Fiona Lai, Assistant Privacy Commissioner for Personal Data (Legal) at the Office of the Privacy Commissioner for Personal Data (PCPD), titled “Data Privacy in the Age of AI.” She outlined recent trends in data breach notifications in Hong Kong and explained the types of data protection concerns that may arise in AI‑related scenarios, including data collection, accuracy, usage and deletion. She also introduced key PCPD publications, such as the “Artificial Intelligence: Model Personal Data Protection Framework” and the “Checklist on Guidelines for the Use of Generative AI by Employees” highlighting their relevance to organisations developing AI‑related internal policies and procedures.

In his keynote “When AI Goes Rogue: The $Billion Data Governance Wake‑Up Call,” Mr. Michael Chung, Senior Systems Engineer at Everpure, discussed the role of data governance in AI application environments. He outlined considerations related to data quality, lifecycle management, data classification and monitoring mechanisms, and shared examples of Everpure’s data management and AI‑related technologies, illustrating how these functions operate within technical architectures.

Mr. Bill Ho, Senior Solution Architect at Veeam, presented “Detect, Protect, Undo: The Rogue AI Eradication Playbook.” He discussed issues organisations may encounter in data protection and recovery processes when AI Agents interact with business operations. His presentation covered backup strategies, immutable storage and data recovery mechanisms, explaining how relevant technologies can support incident response in cases involving unexpected data changes.

The luncheon concluded with a panel discussion moderated by Ms. Chandy Ye, Vice Chairlady of HKCNSA. Panel speakers included Mr. Adam Au, General Counsel, Toys"R"Us (Asia) Limited; Mr. Ben Fung, Senior Associate Director, Information Technology and Solutions, Chinachem Group; Mr. Simon Tai, Managing Director for Hong Kong, Macau and Taiwan, SailPoint; and Ms. Veronica Wang, Head of APAC Privacy & Data Protection, BlackRock.

Centred on the theme “Responsible AI in the Era of Data Privacy — Balancing Innovation and Compliance,” the panel explored how AI is applied across different business environments. Speakers discussed considerations related to regulatory compliance, data management, technical deployment and internal processes, and exchanged practical experiences on data frameworks, system transparency and risk assessment workflows in AI‑driven contexts.

HKCNSA extends its sincere appreciation to Everpure, Veeam, SailPoint and other corporate members for their support. The luncheon enhanced industry understanding of AI‑related data governance, compliance management and technical practices, and further strengthened exchanges between Hong Kong and the international community in the fields of cybersecurity and data protection. The association will continue to provide platforms for policy updates, technical dialogue and experience sharing to support ongoing developments in AI and data protection.