Hong Kong The Electronic Transactions Ordinance 2000
The
Ordinance was effective from April 7, 2000. It
authorises the use of electronic and digital signatures,
and electronic records. It provides for the legal
validity of digital signatures and electronic
records, as well as for the retention of electronic
records and their admissibility in any legal proceeding.
Additionally, the Ordinance delineates the requirements
for the formation of an electronic contract, and
establishes regulations for the licensure of certification
authorities.
The
Ordinance enshrines four major principles:
Some
of the key language of the Ordinance is as follows:
- Digital Signature: 'Digital signature,' in relation to an electronic record, means an electronic signature of the signer generated by the transformation of the electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer's public key can determine -- (a) whether the transformation was generated using the private key that corresponds to the signer's public key; and (b) whether the initial electronic record has been altered since the transformation was generated;
- Effect of Digital Signature: If a rule of law requires the signature of a person or provides for certain consequence if a document is not signed by a person, a digital signature of the person satisfies the requirement but only if the digital signature is supported by a recognized certificate and is generated within the validity of that certificate;
- Electronic Signature: 'Electronic signature' means any letters, characters, numbers or other symbols in digital form attached to or logically associated with an electronic record, and executed or adopted for the purpose of authentication or approving the electronic record;
- Electronic Record: 'Electronic record' means a record generated in digital form by an information system, which can be -- (a) transmitted within an information system or from one information system to another; and (b) stored in an information system or other medium;
- Effect of Electronic Record: If a rule of law requires information to be or given in writing or provides for certain consequences if it is not, an electronic record satisfies the requirement if the information contained in the electronic record is accessible so as to be usable for subsequent reference;
- Certification Authority: 'Certification authority' means a person who issues a certificate to a person (who may be another certification authority);
- Certificate: 'Certificate' means a record which -- (a) is issued by a certification authority for the purpose of supporting a digital signature which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair; (b) identifies the certification authority issuing it; (c) names or identifies the person to whom it is issued; (d) contains the public key of the person to whom it is issued; and (e) is signed by a responsible officer of the certification authority issuing it.
The
Postmaster General is authorized to be a Recognized
Certification Authority under the Ordinance. Additionally,
the Secretary for Information Technology and Broadcasting
may make regulations governing the application
procedures of certification authorities. "A
certification authority may apply to the Director
[of Information Technology Services] to become
a recognized certification authority." The
applicant must furnish the Director any particulars
required by the Director, and "(b) a report
which -- (i) contains an assessment as to whether
the applicant is capable of complying with the
provisions of this Ordinance applicable to a recognized
certification authority and the code of practice;
and (ii) is prepared by a person acceptable to
the Director as being qualified to give such a
report."
Because
of the transitionary nature of the current commercial
environment, certain exemptions have been included
in the Ordinance, so as to allow time to build
trust within the community:
- certain generic items such as wills, trusts, statutory declarations, affidavits, powers of attorney, court orders, warrants, bills of exchange, documents or instruments concerning land or property transactions, etc. are exempt from the operation of the relevant provisions in the proposed legislation;
- a mechanism is provided to exempt by means of subsidiary legislation specific rules of law from the operation of the relevant provisions in the proposed legislation;
- judicial proceedings are exempt from the operation of the relevant provisions in the proposed legislation and the authorities for making court rules are empowered to apply the relevant provisions to such proceedings when the relevant courts/tribunals are ready; and
- a mechanism is provided to specify format and procedural requirements if necessary in respect of cases whereby electronic information is accepted under a rule of law.
The
Electronic Transactions Ordinance provides for
the establishment of certification authorities
to ensure trust and security in electronic transactions
through the use of digital certificates and the
use of public and private key technology. As part
of establishing a public key infrastructure
to safeguard secure transactions conducted over
open networks, Hongkong Post is already operating
certification authority services on a non-exclusive
basis, but the number of certification authorities
to be established in Hong Kong will be determined
by market demand.
Hong Kong Supervision Of Internet Banking
Since
1997, the Hong Kong Monetary Authority (HKMA)
has been issuing a series of circulars to set
out its regulatory approach on e-banking services
and to provide authorised institutions with recommendations
on the risk management for these activities. While
institutions do not need to seek formal approval
from the HKMA to offer their e-banking services,
they should discuss their plans and risk management
measures with the HKMA in advance.
Among
the issues discussed, the arrangements adopted
by institutions to ensure adequate information
security for their services are one of the key
focuses of the HKMA. While absolute information
security does not exist, institutions are expected
to implement information security arrangements
that are "fit for purpose", i.e. commensurate
with the risks associated with the types and amounts
of transactions allowed, the electronic delivery
channels adopted and the risk management systems
of individual institutions. To provide further
recommendations to the senior management of institutions
on information security, the HKMA issued in July
2000 a Guidance Note on Management of Security
Risks in Electronic Banking Services.
Furthermore,
the HKMA expects senior management of institutions
to commission periodic independent assessments
of the information security aspects of their e-banking
services. The HKMA expects such independent assessments
to be carried out by trusted independent experts
before launch of the services, and thereafter
at least once a year, or whenever there are substantial
changes to the risk assessment of the services
or major security breaches. To this end, the HKMA
issued in September 2000 a Guidance Note on Independent
Assessment of Security Aspects of Transactional
E-banking Services.
As
for other banking services, the HKMA expects institutions
to observe the Code of Banking Practice and the
principles in it in providing e-banking services
to their personal customers. There should be adequate
transparency in the provision of e-banking services
so as to enhance the customers' understanding
of what they can reasonably expect of the services,
as well as their precautionary actions in enabling
adequate information security of the services.
In
particular, the HKMA expects institutions to set
out clearly in their terms and conditions the
respective rights and obligations between the
institutions and customers. Such terms and conditions
should be fair and balanced to both the institutions
and the customers. Customers must be made aware
of their responsibilities to maintain information
security in the use of electronic banking services
and their potential liability if they do not.
In particular, the terms and conditions should
highlight how any losses from security breaches,
systems failures or human error will be apportioned
between the institutions and their customers. In
this regard, the HKMA's view is that unless a
customer acts fraudulently or with gross negligence,
such as failing to properly safeguard his password,
he should not be responsible for any direct loss
suffered by him as a result of unauthorised transactions
conducted through his account.
The
HKMA defines a
virtual bank as a company which delivers banking
services primarily, if not entirely, through the
internet or other electronic channels. The term
does not refer to existing licensed banks which
make use of the internet or other electronic means
as an alternative channel to deliver their products
or services to customers.
In
May 2000, the HKMA issued a Guideline on the Authorisation
of Virtual Banks under section 16(10) of the Banking
Ordinance. The Guideline sets out the principles
that the HKMA takes into account in deciding whether
to authorise virtual banks. The main principle
is that the HKMA will not object to the establishment
of virtual banks in Hong Kong provided that they
can satisfy the same prudential criteria that
apply to conventional banks. In summary, virtual
bank applicants must satisfy the following requirements:
- maintenance of a physical presence in Hong Kong;
- maintenance of a level of security appropriate to their proposed business;
- establishment of appropriate policies and procedures to deal with the risks associated with virtual banking;
- development of a business plan which strikes an appropriate balance between the desire to build market share and the need to earn a reasonable return on assets and equity;
- clearly setting out in the terms and conditions for their services the rights and obligations of customers; and
- compliance with the HKMA's guidelines on outsourcing of computer operation.
In line with existing authorisation policies for
conventional banks, a locally incorporated virtual
bank cannot be newly established other than through
the conversion of an existing locally incorporated
authorised institution. Furthermore, local virtual
banks should be at least 50% owned by a well-established
bank or other supervised financial institutions.
Applicants incorporated overseas must
come from countries with an established regulatory
framework for electronic banking. In addition,
they must have total assets of more than US$16
billion and will be subject to the "three-building"
condition in respect of their physical offices,
but not in respect of their cyber network.
Under
the Banking Ordinance, overseas-incorporated institutions
(including virtual banks) intending to solicit
deposits from members of the public in Hong Kong
would not be required to be authorised, provided
that the deposits are placed overseas. However,
section 92 of the Banking Ordinance makes it an
offence for any person, other than an authorised
institution, to issue an advertisement or invitation
to members of the public in Hong Kong to make
a deposit, even if it is made outside Hong Kong,
unless the disclosure requirements in the Fifth
Schedule to the Banking Ordinance are complied
with. Such institutions should include a warning in their advertisements
that they are not authorised under the Banking
Ordinance and hence are not subject to the supervision
of the HKMA. The advertisements must also contain
certain specified information about the overseas
institutions and the deposit scheme being advertised.
The objective is to ensure that material facts
are available to enable prospective depositors
to make their own judgement on whether to place
a deposit with the institutions concerned.
The
HKMA is of the view that advertisements placed
through the internet should be governed by the
same principles.
The
Unsolicited Electronic Messages Ordinance was
launched in two phases from June 1, 2007, by Hong
Kong's Commerce, Industry & Technology Bureau.
Phase
I of the ordinance prohibits the use of unscrupulous
techniques to send a large quantity of commercial
electronic messages, as well as fraud and other
illicit activities related to their multiple sending.
The
ordinance covers electronic messages including
pre-recorded promotional voice messages, fax,
email, SMS and MMS messages.
The
messages covered must be for commercial promotion
purposes, and must have a Hong Kong link, the
Deputy Secretary for Commerce, Industry &
Technology Marion Lai and the Office of the Telecommunications
Authority (OFTA) Assistant Director So Tat-foon
explained.
A
Hong Kong link means the message should originate
from Hong Kong, or be authorised to be sent by
a person in Hong Kong or a Hong Kong company;
or the message should be received in Hong Kong
or sent to a Hong Kong telephone number.
Person-to-person
interactive communications will be exempted. Messages
sent in response to the recipient's request, invoices
or receipts, non-commercial messages, and sound
or video broadcasting services will also be exempted.
In
Phase I, the section of the ordinance which prohibits
the use of unscrupulous techniques to send out
large volumes of messages, will be enforced by
OFTA. The maximum penalty will be a fine of up
to $1 million and five years in prison.
Unscrupulous
techniques include using electronic address harvesting
software to send commercial electronic messages
without the consent of recipients, and generating
electronic addresses by automated processes to
send an unsolicited electronic message. Related
activities include accessing a telecommunications
device without authorisation to send multiple
commercial electronic messages, and falsifying
header information in multiple commercial electronic
messages.
This
section of the legislation will be enforced by
the police force, and warrants up to 10 years
in jail.
In
the second phase of implementation, which came
into force in December, 2007, the senders of commercial
electronic messages must provide accurate sender
information, provide unsubscribe facilities, and
honour unsubscribe requests within 10 working
days.
Senders
are also required to stop sending commercial electronic
messages, also known as spam, to people who list
their phone or fax numbers on three do-not-call
registers, to not withhold calling line identification
information, and to not send electronic mail messages
with misleading headings.
Hong Kong Other Government Initiatives
The
government is trying to assist development of
electronic commerce with the implementation of
its Electronic Services Delivery (ESD)
programme.
The
first phase of the ESD scheme was launched in
the latter half of 2000 for the delivery of government
services online to the public via the Internet
and other possible electronic means. Through ESD,
the public can obtain government services 24 hours
a day, seven days a week. ESD was to be implemented
over an open, common information infrastructure
which will be available for use by the private
sector at a later stage for the conduct of electronic
transactions, thus facilitating the development
of electronic commerce in the territory.
Under
the first phase of implementation, 10 government
departments and public agencies provide a range
of services:
- submission of simple tax returns and tax payment
- renewal of driving and vehicle license
- application for business registration certificates
- guides on investment in Hong Kong and advice on business licensing requirements
- payment of rates, government rent and water charges
- job search and matching service
Subsequent
phases are to be implemented on an on-going
basis. In the long run, the government aims
to include all public services amenable to electronic
delivery. Through the Interactive Government
Services Directory web site (www.igsd.gov.hk),
members of the public can access the web sites
of the participating organizations under the
scheme to apply for free electronic mail service.
In
January, 2005, it emerged that the Hong Kong authorities
had made their first arrest for unauthorised file
sharing activity in the territory.
According
to reports, the suspect used the BitTorrent file-sharing
program to upload three films onto a website to
allow others to access them.
Speaking
to the Associated Press, Agnes Law, spokeswoman for Customs
and Excise, explained that the suspect
had not been charged, as the Department's investigations
were ongoing.
Such
copyright violations in Hong Kong carry the possibility
of a four-year custodial sentence, and fines of
$6,400 per unauthorised copy made.
In
December, 2006, Hong Kong and Canada renewed a
memorandum of understanding to bolster co-operation
in information and communications technology.
Hong
Kong's Permanent Secretary for Commerce, Industry
& Technology (Communications & Technology)
Francis Ho and Canada's Department of Industry
Communications Research Centre President Veena
Rawat signed the renewed memorandum at the ITU
Telecom World 2006 Hong Kong pavilion.
Canada,
Hong Kong's first information and communications
technology MoU partner, signed the original memorandum
in 1998. Both places have extended it twice since
then.
Under
the renewed MoU, the two places will seek co-operation
in the areas of: Software applications, products
and policy, including multimedia and digital entertainment;
Internet, e-Government, information technology
security and e-Health; and, Information and communications
infrastructure and related policy, including electronic
commerce, current and future issues in telecoms
policy, broadband networks and applications, and
wireless technologies and services.