(30 July 2015) The Office of the Privacy Commissioner for Personal Data (“PCPD”) published a revised Information Leaflet on “Cloud Computing” (“Information Leaflet”) to advise cloud users on privacy concerns, the importance to fully assess the benefits and risks of cloud services and the implications for safeguarding personal data privacy. This is an update of the publication PCPD issued more than two years ago to take account of the latest developments in the cloud market and the relevant data protection tools presently available.
Cloud computing is very attractive to many organisations, big or small, in both the public and the private sectors. Its fast set-up speed, affordable costs, and minimum management burden appeal to organisations seeking information technology (IT) support in new projects, as well as established IT operations.
The Privacy Commissioner for Personal Data, Mr Allan Chiang said, “If organisations are considering this form of outsourcing arrangements, they must understand the risks associated with entrusting their data to data processors which essentially operate under an environment of pooled computing resources. Generally, organisations have a lot more control over dedicated private clouds than shared public clouds.”
“The outsourcing of any processing or storage of personal data to third-parties does not relieve the organisations’ legal responsibility for the protection of the personal data they collect and hold. Cloud users should ensure that the data protection requirements under the Personal Data (Privacy) Ordinance are still effectively complied with by the contractor and its sub-contractors.”
The new Information Leaflet contains the following two highlights:
The Information Leaflet can be downloaded from the website of the PCPD (www.pcpd.org.hk/english/resources_centre/publications/files/IL_cloud_e.pdf) or obtained from the PCPD office (12/F, Sunlight Tower, 248 Queen’s Road East, Wan Chai, Hong Kong).
-END-