Data hk is a common abbreviation of Hong Kong, the special administrative region of the People’s Republic of China. The term relates to the city’s reputation as one of Asia’s most secure and carrier-dense network hubs, which hosts numerous global enterprise companies, networks and IT service providers.
The Hong Kong personal data protection regime is based on the common law and the Hong Kong Bill of Rights, which stipulates that “no person shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation”. The data hk concept is in contrast to that of the European Union (EU)’s GDPR, where an identifiable natural person is defined as “a living individual who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data or online identifier”.
To be able to use an individual’s personal information for a purpose, a data user needs to have a legal basis for doing so. If this cannot be demonstrated, the personal data should not be collected. Moreover, personal data must be collected for a lawful purpose and be adequate but not excessive in relation to that purpose. The data must also be processed fairly and lawfully, and not in an unauthorised manner.
Whether the collection and processing of personal data is lawful or not, the data user must fulfil a range of statutory obligations under the six DPPs, including notifying the purpose(s) of collecting the data to the data subject on or before collection. The data user must also expressly obtain the data subject’s voluntary and expressed consent before he can transfer the personal data to a class of persons that was not set out in the PICS, or use the personal data for a new purpose that was not stated in the original notification.
In addition, a data user must take reasonable steps to ensure that its agent or contractor complies with the data protection requirements of the PDPO and is liable for any breach of those requirements by the agent or contractor. This is typically done by using contractual provisions.
Data governance programs involve a lot of people, from employees to customers to partners—and they will all have opinions. The best way to manage this is to create a governance team and define roles and responsibilities. An effective data governance team includes both business and IT subject matter experts, who can serve as communication bridges across departments. Senior business analysts and data and enterprise architects are good examples of this type of role. This team should have an experienced project manager who can coordinate tasks and help data stewards understand their responsibilities. They can also serve as the primary point of escalation to the executive sponsor and steering committee.