PCPD says HK firms get high marks in privacy sweep

Cisco will advocate for consistent global rules making privacy a fundamental human right (Image juststock / iStockPhoto)
Hong Kong organizations fared well during a global privacy sweep (Image juststock / iStockPhoto)

Hong Kong organisations are displaying high rates of compliance with the voluntary Privacy Management Programme (PMP), according to a new report from the Office of the Privacy Commissioner for Personal Data (PCPD).

During a global sweep of the privacy and data protection practices of organizations in 18 countries that are members of the Global Privacy Enforcement Network, including Hong Kong, the PCPD examined 26 organizations from different sectors to gauge their implementation of the PMP.

All participating Hong Kong organizations were found to have an internal data privacy policy that has been embedded into their everyday practices.

In addition, over 90% of participating organizations have a senior member of staff responsible for privacy governance, and 96% ensure that staff members are given comprehensive training to ensure their understanding of privacy policies, procedures and best practices.

But the report found that nearly 40% of organizations have room to improve in their procedures for notifying affected individuals and reporting to the regulatory authorities in the event of a data breach.

The findings nevertheless demonstrate high rates of compliance compared to the global results of the sweep.

Across the 18 countries, only 50% of organizations had a privacy policy that could be demonstrated to have been embedded into everyday practices, only half conduct regular data protection training and only 67% have a sufficiently senior level member of staff responsible for privacy governance.

“Organizations have to accept that personal data that they hold belongs to the customers. Customers provide their personal data to organisations based on a relationship of trust,” Privacy Commissioner Stephen Kai-yi Wong commented.

“Therefore, organisations are responsible for handling personal data in accordance with three Data Stewardship Values, namely being respectful, beneficial and fair, in order to meet customers’ expectations.”

Wong said organizatons looking to implement PMP should ensure they provide adequate data protection training to staff, conduct regular audits of privacy policies and practices, devise written procedures for handling data breach incidents, and maintain a comprehensive personal data inventory across the organization including records of data flow.



Suggested Articles

Verizon Media will expand its Yahoo Studio production studio in Hong Kong as part of its growth strategy for the market

Cloud security solutions provider Bitglass' regional channel boss Brendon Thwaites has left the company

An agreement links Cisco Meraki MX Security/SD-WAN appliances and its Auto VPN technology to Teridion’s cloud-based WAN service