Known as a prominent financial hub connecting the Mainland with the rest of the world, Hong Kong is one of the most digitally connected cities globally, with a vibrant social media scene and active social media usage. A recent report revealed that as of January 2024, Hong Kong was home to almost 6.5 million social media users’ accounts, equating to around 86% of its total population. Another survey indicated that almost 90% of Hong Kong’s citizens over 10 years of age own a smartphone, which is roughly equivalent to 7 million persons. The significance and widespread adoption of social media, especially through mobile phones and other cellular devices, has reached an all-time high.
In addition to the general population, legal practitioners are increasingly recognising the value and potential of social media platforms to promote their services. More lawyers are leveraging social media for networking, communicating with clients and building brands as social media provides a ready platform on which they can showcase their expertise, engage with potential clients and stay connected with their professional network by establishing a strong online presence. However, as lawyers embrace these benefits of social media, it is crucial to understand and address the privacy risks associated with these platforms and mobile devices.
The types and amount of personal data stored on mobile devices, including sensitive personal information such as credit card details, health history, location data and other biometric information, provide valuable targets for hackers and cybercriminals. In the case of legal practitioners, such data may include their chat history with clients, which may contain sensitive legal documents and privileged information, confidential court files and business trade secrets.
A successful hacking attempt on a lawyer’s smartphone or a cyberattack on their social media accounts can have severe consequences, including unauthorised access to clients’ confidential information, reputational damage and even potential legal liabilities. Other social engineering attacks such as phishing scams, fake security alerts or fraudulent text messages that seek to trick individuals into divulging their personal information are common manipulative tactics to which social media users may fall victim. According to the latest report from the Hong Kong Computer Emergency Response Team Coordination Centre, 742 phishing incidents (out of 2,670 security incidents) were reported in the final quarter of 2023 in Hong Kong, a 2.8% increase over the previous quarter.
On a similar note, the Hong Kong Police reported a record high of 34,112 cases of technology-related fraud in 2023, representing a 50% increase from 2022. With a new victim falling prey every 13 minutes and fraudsters pocketing an alarming HK$25 million a day, social media platforms and mobile devices have become a common means for scammers and fraudsters to perpetrate their frauds. Therefore, it is imperative for users of these platforms and devices to be vigilant and guard against these insidious activities.
Against this background, my Office has published two leaflets entitled “Protect Your Personal Data – Smart Use of Smartphones” and “Protect Your Personal Data – Be Smart on Social Media”, which provide useful tips to help users minimise their personal data privacy risks when using smartphones and navigating social media platforms.
The leaflet on the smart use of smartphones outlines suggested ways for users to enhance the security of their smartphones, such as installing anti-malware software, turning on the “find my device” function and erasing data before repair or disposal of their smartphones.
The other leaflet on social media contains practical tips for users when they sign up for social media accounts, adjust the privacy settings and post information on social media platforms. Users may also read my Office’s report on “Comparison of Privacy Settings of Social Media” for more information on the performance of ten commonly used social media platforms in terms of their privacy functions, privacy policies and the usability of their privacy dashboards.
As the digital landscape continues to evolve, the ultimate solution to protect yourself lies in being cautious about your digital footprint and staying vigilant against any suspicious online activities. Only when everyone’s awareness is heightened can we work towards a safer and privacy-friendly digital environment.