Data Governance in Hong Kong

Hong Kong Special Administrative Region (SAR) is taking steps to leverage technology and data for productivity purposes and smart-city initiatives. A new office for drafting digital policies is set to open by mid-year; with technology serving economic development goals while simultaneously providing quality living standards.

An integral component of that goal will be making use of big data to improve public services and enhance people’s wellbeing. To that end, the government has already signaled its intent to review existing laws and regulations to ensure data is used for the good of society while protecting individuals’ privacy. A task force was also established to review existing data laws, such as the Protection of Personal Information Act. These efforts aim to modernise it to meet new technologies challenges.

In the interim, the Hong Kong Privacy Commissioner has provided two sets of recommended model contractual clauses to aid data transfer compliance. One relates to personal data transferred between data users within Hong Kong and those operating outside; while the second deals with transfers between entities based in Hong Kong and those located elsewhere.

Data users must uphold several stringent requirements of the PDPO when transmitting personal data outside Hong Kong, such as providing explicit notice to each data subject of its purpose and who it may be shared with, either verbally or through written documents.

An essential factor when assessing whether this requirement has been fulfilled lies with defining who counts as a “data user.” While several data privacy regimes include an extraterritorial application element, Hong Kong differs by not permitting extraterritorial application of their data privacy regimes. Data users in Hong Kong include anyone who controls the collection, holding, processing or use of personal data – whether alone or jointly or collectively with others – therefore it’s imperative that businesses understand how the territorial scope of PDPO impacts their processes and decisions when planning transfers of personal data between territories.

Establishing an effective data governance framework begins with creating a vision and business case. A vision should outline the broad strategic objective for developing a governance program, while the business case lays out specific opportunities that should be leveraged. Both documents will form the foundation for a data governance roadmap that details roles, technology and processes necessary to support your business goals. For a successful data governance program, it is imperative that the appropriate people be assigned roles. These roles will support, sponsor, steward and implement your governance program. They include business stewards who serve as liaisons between business and IT and must possess strong IT knowledge as well as superior business analysis skills – senior business systems analysts or enterprise architects are excellent candidates for these roles.

Archives

October 2024
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  

Recent Posts

Categories