The incident of leakage of passengers’ personal data by Cathay Pacific Airways and issues relating to protection of personal data and cyber security
Compliance with regulations
Mr CHAN Chun-ying said that listed companies in Hong Kong were obliged to disclose any price-sensitive information (“PSI”) to the public, as soon as reasonably practicable after PSI had come to their knowledge. He queried if CX had sought legal advice on whether the company had breached any of the relevant listing conditions for not having disclosed the leakage of customers’ personal information in a timely manner, as it might be regarded as PSI. Chairman, CX replied that CX had experience in complying with the disclosure requirements in the Securities and Futures Ordinance (Cap. 571). He said that whether certain information was price sensitive or not was a matter of judgment. According to the guidelines published by the Securities and Futures Commission, issues of considerable public interest, such as the breach of CX passenger data, might not necessarily be materially price sensitive.
Goodwill and customers’ confidence
Mr CHAN Chun-ying enquired whether CX would implement measures such as two-factor authentication log-in process to enhance cyber security.
CCCO, CX replied that by constantly improving its fleet, network of destinations and passenger experience, the company was confident that its image could be restored. It also had plans to launch promotion programmes as a gesture to show gratitude for customers’ continuous support.