Whether it’s protecting against cybersecurity threats or complying with data protection regulations, the demand for experts in these areas will continue to grow. These professionals are needed to help businesses understand and manage the risks associated with a lack of data governance. They are also critical for ensuring that data governance programs can deliver a positive return on investment by aligning the organisation’s objectives and strategies to those of its customers and partners.
Data governance is a complex subject, and a successful project requires the support of multiple stakeholders across your organization. To achieve this, your project team needs to have a clear vision and business case for what it is trying to accomplish. A vision outlines the broad strategic objective and business opportunity of your governance program, while a business case is more specific and articulates the specific activities that are necessary to reach your goal. The latter may involve using a responsibility assignment matrix, such as RACI (responsible, accountable, consulted and informed).
One of the biggest issues with data governance is that it’s often not executed well. This can lead to the failure of data to be used for its intended purposes, which can introduce unnecessary privacy risks. To avoid this, it is important for businesses to have a clearly defined retention policy. This will ensure that personal data is only retained for as long as necessary and that it is eradicated after its use has been exhausted. This is why the Hong Kong government has recently proposed amendments to its data protection regime, which will require data users to formulate a clear retention policy.
While the exact form of these requirements is still being finalized, this proposal will add to existing obligations under the PDPO. For example, the PDPO already requires data users to notify a data subject of their purpose and the class of persons that the personal information will be transferred to, before collecting the data. Under the new requirement, this notification will need to include a specified retention period.
The proposed requirements will apply to any entity that controls the collection, holding, processing or use of personal data in Hong Kong. However, this will exclude entities that have no operations in Hong Kong but who are subject to the jurisdiction of the PDPO because of their involvement in a data transfer with a territory outside of Hong Kong. It is important to note that the PDPO does not include express provisions conferring extra-territorial application, unlike some other jurisdictions.
With a population of over 7.1 million, Hong Kong is an attractive location for international and regional businesses to operate. Equinix’s Hong Kong colocation facilities offer connectivity into this vibrant economic hub, where a dense concentration of enterprises, networks and IT service providers exist. This enables businesses to connect and interconnect directly to their peers and partners within Asia’s most carrier-dense network hub. For more information on our colocation services in Hong Kong, visit our marketplace.