Hong Kong (HK), formerly a British colony and currently an autonomous special administrative region of China, is an economic powerhouse and major business hub with dense concentrations of enterprises, networks and IT service providers. Equinix data centers located within Hong Kong provide direct interconnection to these key ecosystem players for seamless ecosystem collaboration.

Hong Kong government officials are exploring changes to the current definition of personal data protection under PDPO by shifting away from its requirement that it must involve identifiable individuals for protection under this framework. Such an amendment would broaden its coverage while adding compliance measures for businesses collecting and using individual information.

An effective data governance program demands clearly delineated roles with defined responsibilities and accountsabilities for each member of your team. Your group should consist of both IT subject matter experts as well as business subject matter specialists capable of serving as bridges between departments. Experienced business analysts, data architects and enterprise architects make great data stewards while senior IT project managers serve well as program leaders.

Data governance programs can be complex endeavors that engage multiple people. Therefore, it’s critical that an organizational structure reflects the scale and scope of your project, including an overall program leader who acts as point-of-escalation with executive sponsor and steering committee members. One useful organizational structure would be using a RACI matrix (Responsible, Accountable, Consulted and Informed). With this model in place it becomes easy to see who has responsibility for various aspects of your project and communicate this across an organization.

Under the PDPO, it is crucial that individuals understand that their rights and responsibilities extend beyond their own business. This includes having the ability to request that data users protect their personal data even if their business operates outside Hong Kong; for instance a cloud service provider must disclose personal information when asked by law enforcement agencies or regulatory bodies without valid reasons for refusing disclosure.