Data Governance in Hong Kong
Data Governance is the process of setting up structures, policies and procedures that ensure your organization fulfills its promise to put data to use. Without the right people at work to support data governance initiatives, success would be impossible. So the first step should be identifying your core roles (these people will support, sponsor, steward and operationalize your governance program). In addition to that you should have a vision and business case which outline all opportunities data governance provides your organization.
Under Hong Kong statutory and common law, only personal data is protected under the Personal Data Protection Ordinance (“PDPO”). An identifiable natural person is defined as any living individual who can be directly or indirectly identified through reference to an identifier such as their name; identification number; location data; online identifier or factors specific to their physical, physiological, genetic, mental economic cultural or social identity.
Data users refers to individuals or joint users that independently control the collection, holding, processing and use of personal data. A data user must fulfill a number of legal obligations under PDPO including adhering to six data protection principles that form core obligations.
Data users must first obtain voluntary and express consent of data subjects to transfer personal data abroad for any other use than that specified in PICS. Such consent should also include categories of persons to whom this data may be disclosed. It should be noted that “data transfer” constitutes data use under DPPs.
To reduce these risks, organizations must establish and implement a strong privacy culture and data governance framework. This should involve training all staff on data privacy matters as well as conducting formal risk analyses on your data management processes and developing an ongoing program of audits and metrics to measure data quality as well as a primary point of escalation.
Data governance also necessitates the formation of a team of data stewards. These individuals serve as business and IT subject matter experts that help translate how your data governance framework will impact everyday business processes, decisions and interactions. It is best if these people possess both business knowledge as well as acting as communication bridges between both groups – this would include enterprise architects as well as senior business systems analysts as possible candidates as stewards.
Finalizing data governance within your organization requires having a leader who coordinates tasks for data stewards and communicates their decisions to key stakeholders. They should also drive ongoing data audits and metrics that assess programme success and return on investment (ROI). In addition, this person will serve as the go-to person when any issues can’t be resolved within your team and this ensures data governance remains at the forefront.