Hong Kong organisations are displaying high rates of compliance with the voluntary Privacy Management Programme (PMP), according to a new report from the Office of the Privacy Commissioner for Personal Data (PCPD).
During a global sweep of the privacy and data protection practices of organizations in 18 countries that are members of the Global Privacy Enforcement Network, including Hong Kong, the PCPD examined 26 organizations from different sectors to gauge their implementation of the PMP.
In addition, over 90% of participating organizations have a senior member of staff responsible for privacy governance, and 96% give staff members comprehensive training to ensure their understanding of privacy policies, procedures and best practices.
But the report found that nearly 40% of organizations have room to improve in their procedures for notifying affected individuals and reporting to the regulatory authorities in the event of a data breach.
The findings nevertheless demonstrate high rates of compliance compared to the global results of the sweep.
“Organizations have to accept that personal data that they hold belongs to the customers. Customers provide their personal data to organisations based on a relationship of trust,” Privacy Commissioner Stephen Kai-yi Wong commented.
“Therefore, organisations are responsible for handling personal data in accordance with three Data Stewardship Values, namely being respectful, beneficial and fair, in order to meet customers’ expectations.”
Wong said organizations looking to implement PMP should ensure they provide adequate data protection training to staff, conduct regular audits of privacy policies and practices, devise written procedures for handling data breach incidents, and maintain a comprehensive personal data inventory across the organization, including records of data flow.