(18 February 2014) The Office of the Privacy Commissioner for Personal Data ("PCPD") released today Privacy Management Programme: A Best Practice Guide (the "Guide"). The Guide outlines the building blocks of Privacy Management Programmes ("PMP"), a strategic framework to protect personal data privacy. It provides insight and guidance to organisations when they develop and improve their own programmes according to their specific circumstances, such as organisation size, nature of business, and the amount and sensitivity of the personal data they collect and manage.
At a ceremony held today by the PCPD, the Hong Kong Special Administrative Region Government, together with twenty-five companies from the insurance sector, nine companies from the telecommunications sector and five organisations from other sectors, all pledged to implement PMP.
Although not participating in the pledge, the Hong Kong Association of Banks has indicated to the PCPD that the banking industry supports the voluntary PMP and individual banks will take necessary steps having regard to their own privacy protection framework to implement the principles of PMP.
Speaking at the PMP pledge ceremony, the Privacy Commissioner for Personal Data, Mr Allan Chiang, remarked, "Regulatory experience has shown time and again that privacy and data protection cannot be managed effectively if they are merely treated as a legal compliance issue, with little or no involvement of the top management. A more effective response in this era of Big Data and rising public expectation for privacy protection is to be proactive and preventative, rather than reactive and remedial. Organisations should embrace personal data privacy protection as part of their corporate governance responsibilities and apply it as a top-down business imperative throughout the organisation. A strategic shift from compliance to accountability is required."
"To achieve accountability, it is of paramount importance for organisations to adopt holistic and encompassing PMP that ensure robust privacy policies and procedures are in place and implemented for all business practices, operational processes, product and service design, physical architectures and networked infrastructure. At the minimum, the outcome of this proactive approach is a demonstrable capacity to comply with the legal requirements. Executed well, it is conducive to building trustful relationships with customers or citizens, employees, shareholders and regulators."
"I am very pleased to be able to secure the support of the most important data users in Hong Kong in implementing PMP. I hope they will set the example of responsible privacy management for many other data users to follow," Mr Chiang further commented.
Officiating at the pledge ceremony is Mr Lau Kong Wah, Under Secretary for Constitutional and Mainland Affairs.
A list of organisations which have made the pledge to implement PMP is at Annex (www.pcpd.org.hk/pmp).
Privacy Management Programme: A Best Practice Guide can be collected at the PCPD office or downloaded from www.pcpd.org.hk/english/resources_centre/publications/files/PMP_guide_e.pdf
- End -
The Office of the Privacy Commissioner for Personal Data, Hong Kong is an independent statutory body set up to oversee the enforcement of the Personal Data (Privacy) Ordinance in Hong Kong. Its mission is to secure the protection of privacy of the individual with respect to personal data through promotion, monitoring and supervision of compliance with the Ordinance.