Hong Kong privacy watchdog commissioner Ada Chung Lai-ling has warned that companies must comply with the privacy ordinance and generative artificial intelligence (AI) guidelines when using the technology to enhance product quality and create content.

The Office of the Privacy Commissioner for Personal Data on Monday issued new directives for employers to regulate staff use of generative AI tools in view of the growing trend of AI usage.

Speaking on a local radio program on Tuesday, Chung stressed that consent is required for any changes in data usage.

READ MORE: Seizing opportunities in AI: HK’s dedication to development

Two PCPD surveys in 2023 and 2024 found only 65 percent of AI-adopting businesses had implemented basic data safeguards like encryption or access controls, noting significant room for improvement.

According to Chung, more than 55 percent of surveyed firms have either established or plan to draft AI risk-management policies.

The Checklist on Guidelines for the Use of Generative AI by Employees aims to help businesses establish internal policies to mitigate privacy risks and ensure legal adherence amid rising AI adoption in workplaces.

Companies are urged to clearly define permitted generative AI tools, including public or in-house systems, and approved use cases, such as drafting documents or summarizing content. Firms must also specify the types and volume of data allowed for input, particularly regarding personal information.

Employees are barred from using AI for illegal or harmful activities and must verify outputs for accuracy through proofreading and fact-checking. Violations could trigger disciplinary action.

Chung also highlighted gaps in labeling AI-generated content, stating that while few local firms watermark or tag such material, jurisdictions like the Chinese mainland and overseas markets have already enacted related rules.

The guidelines specifically address common workplace applications of generative AI, such as chatbots and speech-to-text tools, for local institutes, providing recommendations for local institutions to safeguard privacy, ensure lawful and ethical utilization, maintain data security, clarify repercussions for policy breaches, and offer employee support.

Lawmaker William Wong Kam-fai, a member of the PCPD’s Standing Committee on Technological Developments, linked the guidelines to the nation’s “AI+” initiative, which drives high-quality development through innovation.

He said that as the city’s latest budget prioritizes AI advancement, these guidelines will facilitate secure integration of generative AI, safeguard personal data, and expedite the emergence of new productive forces across sectors.

Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, warned that rising reliance on generative AI, including embedded tools that employees might unknowingly employ, would increase the risks of data leakage.

READ MORE: Hong Kong AI research institute to open as soon as next year

Citing Samsung’s 2023 prohibition of ChatGPT usage following vulnerabilities exposed by internal code uploads, Fong noted that Hong Kong companies face analogous threats with the proliferation of free AI tools.

He praised the PCPD’s guidelines as timely, adding that early adopters already align with its recommendations to preempt breaches.

To support compliance, the PCPD launched an AI security hotline (2110 1155) for corporate inquiries.