The government says it will look at how big the fines should be for companies that breach data protection laws to make sure they are acceptable to firms, while still having a deterrent effect.

Plans are in place to empower the Office of the Privacy Commissioner to fine those involved in data leaks, but some firms have expressed worries about being hit with stiff punishments for lapses, pointing to the sluggish economy.

During a Legislative Council session on Wednesday, constitutional affairs minister Erick Tsang said the government understands the concerns.

"The government is studying on how to appropriately adjust the legislative amendment proposals, e.g. whether to effect the legislative amendments by phases, thereby reducing the possible effect on business sectors; and how to suitably determine the amount of administrative fines, ensuring they are set at an acceptable level while not losing deterrent effect," he said.

Tsang told lawmakers there were 217 data breaches last year, a rise of nearly 30 percent from 2023.

Meanwhile, Election Committee lawmaker Carmen Kan asked whether the government could introduce a "shared responsibility" system when it comes to scams.

Kan said under such a system, various parties such as financial institutions, telecommunication and media firms would have to fork out compensation for scam victims if the companies were deemed to have failed in their responsibilities.

In response, financial services undersecretary Joseph Chan said a similar concept of shared responsibility over unauthorised transactions is already covered in existing laws.