Data hk refers to the collection and processing of personal information in Hong Kong, such as that collected via mobile applications, social media platforms or other online services.
Data protection in Hong Kong is generally provided through the Personal Data Protection Ordinance (PDPO). This law guards personal information against unauthorized access, disclosure, copying and destruction; additionally it mandates businesses notify individuals regarding changes in their personal information.
Personal information under Chinese law is defined as any data about an identified or identifiable natural person that relates to his/her intentions, behavior or any other form of data which can be used to identify them.” This definition aligns with international norms outlined by legislation like Personal Information Protection Act in mainland China and GDPR within Europe Economic Area.
Companies should establish a data governance framework that aligns their business goals with data privacy. To begin this endeavor, companies should put into place the necessary people and processes to support and govern data. As part of this effort, creating a vision and business case to outline goals of your data governance program – this serves as your strategic goal and details how you will achieve it.
Data Stewards play a critical role in your data governance framework as liaisons between your business and IT teams, acting as intermediaries between them and understanding their impacts on business processes, decisions and interactions. Experienced business analysts or senior systems analysts make ideal stewards.
Your steward must also be familiar with Hong Kong data laws. For instance, the Personal Data Protection Ordinance (PDPO) stipulates that those responsible for collecting, holding, processing or using personal data may only transfer it outside Hong Kong if that third party was included on a class of locations notified to data subjects prior to collection of their personal information; furthermore they must seek voluntary and express consent before making the transfer. On 29 December 2014 the PCPD published recommended model clauses to include in contracts dealing with personal data transfers outside of Hong Kong.
These clauses mandate that any data user transferring personal data abroad conduct a Transfer Impact Assessment before sending their personal information overseas, with its outcome determining whether additional measures are needed or not. If an adverse transfer impact assessment result occurs, either suspension or implementation of additional measures are mandatory; failing which the PCPD can fine them. Furthermore, data importers are required to notify data subjects that their information will be transmitted outside Hong Kong as well as providing any justifications behind their transfer.