For the public, the need for the use of encryption communication against hacking of their e-mails is still very much a technical and recent topic. As early as 1998, encryption products were not widely available. In that year the Legislative Council (LegCo) was informed that the US government had revised in September 1998 its encryption policy to allow easier access to encryption software by a number of sectors in 45 destinations. These sectors included financial and banking institutions, insurance companies, health and medical sectors, and online merchants. Hong Kong was one of the 45 beneficiaries eligible for receiving powerful encryption products for use by these specific sectors.

In 2004, there was news in the market that when digitization of the Cable TV service was in progress, illicit decoders were already available for sale, and such decoders were capable of decoding the digital encryption technology of pay-television services. In 2007, we witnessed an item from the Finance Committee of LegCo approving a replacement of the radio system of the Hong Kong Police Force. The objective then was to use a digital system to replace the outdated analog system to allow a stronger and therefore more secure encryption, with additional encryption keys to cater for multiple-channel operations to enhance protection against eavesdropping or unauthorized access.

The law to protect from hacking in Hong Kong is a bit of a no-man's land and sporadic in nature. The word "encryption" is found in the Copyright Ordinance, which contains a small section protecting against the sale of modified game consoles installed with modified chips with a view to circumvent access control and copy protection measures. The Personal Data (Privacy) Ordinance is technology-neutral; the PCA did not assess the technical IT aspects of say smart ID cards. The Ordinance only focuses on the evaluation of management controls from an administrative perspective. For instance, focus was not put on the stringency of encryption algorithms but on the fulfillment of the requirement of government in employing encryption technology to achieve personal data protection.

But the importance of data in electronic communication is not something new. Back in 2009, Professor Howard Schmidt, president of the international Information Security Forum, said that data "is the gold, the silver and the diamonds of the world we live in, so no matter how someone gets access to your data - whether it's through a lost piece of media or a wireless network, it's just as dangerous and troublesome as if someone broke in and stole the entire computer system." London's Financial Times then argued that this is why companies worldwide are worrying about the challenge presented by the growth of wireless networking. On Aug 13 we heard that people in London have been secretly tracked by high-tech recycling bins. There is now a fast-growing commercial demand for consumer data - and it certainly raises questions about privacy in the digital age. It was reported that a London-based marketing group has been using a network of bins in the City of London to capture the unique identifier codes of nearby phones and logging some 4 million devices a week.

Lessons may be learned from the call for data protection in UK. It is now focusing on three aspects. First, it recognizes that retailers, like the supermarkets, are data-mining experts with loyalty card schemes. Second, attention was drawn to the fact that public bodies such as the police are legally allowed to access private data such as the identity of a web user or a mobile phone's location. Such bodies in 2011 reportedly made almost 500,000 requests for access to this data. Third, in the field of advertising, it was noted that the UK's biggest mobile operating companies, such as Vodafone, EE and O2, last year created Weve, a joint venture, in order to mine the vast amounts of data provided by their customers for use in targeted advertising.

Hong Kong is now well entrenched in the digital age and a regional financial and trade center. It ought to have a comprehensive regulatory scheme to protect commercial communication, and to promote encryption technology, if necessary, by the relevant regulation through our statute laws.