In an age of big data and ever-increasing cyber attacks, ensuring that personal information is securely stored and managed is essential. In Hong Kong, this is a particularly complex task, given the high levels of data protection and security required by the jurisdiction. This article explores some of the key issues facing businesses seeking to meet their data management obligations in the territory.
The Hong Kong government has recently made significant efforts to improve its cybersecurity capabilities, but there are still many challenges ahead. The government needs to continue working with industry and other stakeholders to address gaps in its cyber defences, and develop policies that promote best practices across the territory. In addition, it needs to ensure that new technologies are integrated into its security framework, and that the city’s citizens have adequate training and access to resources to manage these tools.
Modernisation of Hong Kong’s data protection laws is a long-standing goal, but until this happens, businesses should take care to understand their obligations under the existing framework, and how these might differ from their duties in other jurisdictions. Moreover, they should seek expert advice where necessary to ensure that they are complying with all applicable legislation.
As an established business hub with a robust legal framework, reliable infrastructure and excellent connectivity, Hong Kong remains an attractive location for data centre operations. However, the high cost of land and energy shortages are limiting the development of the sector. As a result, companies are increasingly outsourcing their data centres to third-party providers to cut costs and increase efficiency.
Despite these challenges, the future of data centres in Hong Kong looks bright. As restrictions on cross-border transfers of data ease, demand for storage will increase, and the city is well placed to provide this service. Moreover, the upcoming Mainland–Hong Kong Closer Economic Partnership Agreement will further boost demand for cloud services, strengthening Hong Kong’s position as a regional data centre hub.
The HKID data is sensitive and must be collected and handled in accordance with the PDPO. This includes ensuring that it is not publicly displayed together, or made available to anyone beyond those who need it for the purpose in question. Staff cards, for example, usually exhibit a person’s name, photograph, company name and employee number, all of which are likely to be classified as personal data under the PDPO. Consequently, these records should not be shared with other data users without explicit consent. The PDPO also requires that businesses make clear to employees their rights and responsibilities with regard to the HKID data they collect. This is an important step towards improving transparency and accountability. It will also enable the HKID to become a trusted source of information for individuals, businesses and public authorities. As a result, the HKID will be able to provide more accurate, comprehensive and up-to-date data on an individual’s status and entitlements in Hong Kong. This will in turn help to create a fairer, more effective and responsive society.