Does your organisation manage personal data as part of its corporate governance programme? If not, some form of management programme is something to consider.
In January 2014, Hong Kong’s Privacy Commisioner for Personal Data (PCPD) launched the Privacy Management Programme – A Best Practice Guide.
The guide shifts the focus from compliance to accountability as companies are being urged not just to ensure that they comply with mandatory legal obligations, but to also manage, handle and be accountable for customer and employee personal data in accordance with good corporate governance principles.
[ihc-hide-content ihc_mb_type=”show” ihc_mb_who=”1″ ihc_mb_template=”2″ ]
A privacy management programme (PMP) is not a legal requirement under Hong Kong’s Personal Data (Privacy) Ordinance, but the PCPD advocates that data users should embrace personal data privacy protection at the highest levels of management and apply it as a business imperative throughout the organisation.
The guide is not legally binding, but failure to comply with the provisions may be taken into account by the PCPD when investigating whether there has been a breach of the ordinance. As a result, it is important for organisations to be familiar with and embrace the new guidance.
The guide is divided into two parts. Part A outlines the baseline fundamentals of a PMP.
The key components of a PMP are organisational commitment to a privacy-respectful culture, including appointing a data protection officer and establishing an internal reporting mechanism, and programme controls to ensure compliance with the ordinance (for example, maintaining a personal data inventory, conducting periodic risk assessments, organising training sessions for employees and devising a data breach handling procedure).
Part B discusses how to maintain and improve a PMP to ensure ongoing effectiveness, compliance and accountability. For example, the organisation should develop an oversight and review plan to keep the PMP on track and up to date, and periodically monitor its programme controls and revise where necessary.
The full text of the guide can be found on the PCPD’s website at: http://www.pcpd.org.hk/english/publications/files/PMP_guide_e.pdf.
消费者权益保护 CONSUMER PROTECTION
[/ihc-hide-content]
