Changes to the Companies Ordinance (Cap. 622) are already underway for the implementation of the so-called “new inspection regime” for the Companies Register, which is maintained by the Hong Kong Companies Registry.  The key driver for the change is to usher in a regime that protects the sensitive personal data of certain individuals, such as directors and company secretaries, by limiting inspection of such data by the general public.

The new inspection regime is being implemented in three phases:

• Phase 1 – Since 23 August 2021, companies have been able to withhold from public inspection the usual residential addresses (URAs) of directors and the full identification numbers (IDNs) of directors and company secretaries from their registers of directors and company secretaries respectively. This means that, for public inspection purposes, companies may replace the URAs of directors with their correspondence addresses and replace the full IDNs of directors and company secretaries with partial IDNs.  In effect, companies now have the option to keep two sets of the registers of directors and company secretaries – one for internal records and one for public inspection.
• Phase 2 – Commencing on 24 October 2022, the URAs and full IDNs (together the Protected Information) will not be available for public inspection on the Index of Directors on the Companies Register. Any Protected Information contained in documents filed at the Companies Registry after 24 October 2022 will not be available for public inspection, but certain Specified Persons (see below) can apply to the Companies Registry for access to Protected Information of directors and other persons.
• Phase 3 – Starting from 27 December 2023, data subjects (i.e. the persons to whom the personal data relates) will be able to apply to protect their Protected Information contained in documents filed at the Companies Registry prior to Phase 2, and to replace the same with their correspondence addresses and partial IDNs. Specified Persons (see below) will also be able to apply to the Companies Registry for access to the Protected Information of directors and other individuals.

Specified Persons include the person to whom the personal data relates (i.e. a data subject), a person who has been given written authorisation by a data subject, shareholders, public officers and public bodies, lawyers, practising accountants and financial institutions.

This updates an earlier news update published by MinterEllison LLP on 4 August 2021.