Secretary for Security Chris Tang said on Saturday the proposed legislation to improve critical infrastructure cybersecurity will not undermine privacy protection.
He made the comment after the bureau submitted a paper to the Legislative Council, that would require the reporting of cybersecurity incidents by operators crucial to the normal functioning of society.
Speaking on a radio programme, Tang said the bureau would only focus on protecting computer systems from hackers.
"Firstly the legislation targets critical infrastructure, there will be no effect on small- and medium-sized enterprises and individuals. Secondly, we have no interest in the personal information and the operational information included in the critical infrastructure. Our goal is to protect the system so it will not be attacked and therefore affect members of the public when services are disrupted," Tang said.
Tang highlighted that the government will only view a company's information after obtaining a warrant.
Under the proposed legislative framework, operators are required to set up a computer system security management unit, conduct a security risk assessment at least once every year, and an independent security audit at least once every two years, and report serious security incidents within two hours.
Penalties ranging from HK$500,000 to HK$5 million will apply to organisations that fail to comply.
Tang said the bureau received 53 submissions throughout the bill's consultation period, which came to an end on Thursday. Among all submissions, 47 of them were from industry sectors. 52 supported the proposed law and one from a United Kingdom human rights organisation opposed it.
He said such legislation is not unique to Hong Kong. Similar regulations are also implemented in Australia, Singapore and the United Kingdom.
He added that radio stations and television broadcasters are critical infrastructures, and the government will not intervene in day-to-day operations of newsrooms or news content.