The Importance of Data Protection in Hong Kong
The Data HK campaign aims to raise public awareness of the significance of personal data protection. It’s crucial that Hong Kongers understand how their information is being handled by businesses and what rights they have as individuals to access it. Led by Hong Kong government agency Privacy Commissioner for Personal Data (PCPD), this initiative aims to highlight this topical topic of personal privacy protection principles (DPPs).
The DPPs outline six core obligations which form the cornerstone of Hong Kong privacy law:
DPPs require that personal data is only collected for specified purposes and with informed consent from its subjects, while data users must not hold on to it longer than necessary for its processing purpose. Furthermore, PCPD is considering expressly mandating that every data user create and disclose a clear retention policy to individuals; whether this policy will work effectively depends on whether explicit notifications of individuals rights to request deletion/cease of all stored information would also be included within it.
With increasing cross-border data flow comes an increased concern about protecting individuals’ privacy rights when their data leaves Hong Kong. To this end, the PCPD has issued recommended model clauses to be included in contracts relating to transfer of personal data abroad; these model clauses require data users to take measures to ensure any processor not party to the contract adopts additional safeguards that bring its protection level closer to that required by PDPO laws and practices.
The PCPD is currently considering mandating that data users provide clear notice to individuals about which classes of persons their personal information may be transferred, in addition to providing notification as per DPP 2(3) of such intended transfers of their personal data to. This requirement could serve as an extension of current obligations placed upon data users who collect personal information before informing the subject of said intent and who are to receive said data in DPP 2(3).
The Personal Data Protection Ordinance imposes significant obligations upon data users and, should they fail to abide by it, can lead to significant fines and even imprisonment for responsible business executives. Noncompliance also has serious repercussions for any organization and their reputation if non-compliance occurs; furthermore it serves to emphasize ethical data handling practices within organizations while reinforcing accountability within companies – an important tool in creating privacy-friendly businesses while upholding high standards of data governance in Hong Kong.