Protecting Personal Data in Hong Kong
Hong Kong’s free market economy, free flow of capital and simple tax regime make it a prime location for data centres. With strong demand from global financial, trading and logistics sectors, and their increasing reliance on ICT to support their business growth in Mainland China and the region, data centre space is booming here. The Government also provides a secure environment to protect the privacy of personal information, enabling companies to operate with confidence.
The Hong Kong Personal Data Protection Ordinance (PDPO) sets out six Data Protection Principles which apply to the collection, processing and use of personal data within Hong Kong. In addition, it prohibits the transfer of personal data outside Hong Kong unless specific safeguards are in place to ensure that personal data is treated with appropriate levels of security and protection.
PDPO requires that a data user inform the person to whom it relates before collecting his or her personal data, and identify the purposes for which such data is being collected. It also requires that the personal data be processed only for the purpose for which it is collected and that it will not be used for any other purpose without further consent from the person. PDPO does not require that a data user obtain the consent of its agent or contractor before using an individual’s personal data, but it does require the data user to monitor the agent’s or contractor’s compliance with the provisions of PDPO.
Creating a successful data governance program requires putting the right people in the right roles. Key to this is a data governance leader, who acts as the project manager and steward for the initiative. The leader must be someone who can act as a bridge between business and IT to ensure that all parties understand each other’s perspectives. Ideally, the leader will be an experienced project manager and should have the ability to lead cross-functional teams of people with varying skillsets and backgrounds. They will also be able to drive ongoing data governance activities and metrics that measure program success and ROI.