1 / 6 Next Page
Information
Show Menu
1 / 6 Next Page
Page Background

1

Cloud Computing / July 2015

What is Cloud Computing?

There is no universally accepted definition of cloud computing. For the purpose of this leaflet, it is referred to as a

pool of on-demand, shared and configurable computing resources that can be rapidly provided to customers with

minimal management efforts or service provider interaction. The cost model is usually based on usage and rental,

without any capital investment.

Cloud Computing Engagement and the Ordinance

A data user shall comply with the requirements under the Ordinance including the

data protection principles

(“

DPPs

”) in Schedule 1. In particular,

DPP2(3)

,

DPP3

,

DPP4

and

Section 65(2)

of the Ordinance are of particular

relevance when engaging cloud providers.

DPP2(3)

provides that when a data user engages a data processor, whether within or outside Hong Kong, to

process personal data on the data user’s behalf, the data user must adopt contractual or other means to prevent

any personal data transferred to the data processor from being kept longer than is necessary for processing of the

data

1

.

DPP3

provides that personal data should not be used for a new purpose unless prescribed consent (i.e. express

and voluntary consent) is obtained from the data subject or his/her “relevant person” as defined under the

Ordinance.

DPP4(1)

requires a data user to take all reasonably practicable steps to ensure that personal data held by it is

protected against unauthorised or accidental access, processing, erasure, loss or use, having regard to:

(a) the kind of data and the harm that could result if any of those things should occur;

(b) the physical location where the data is stored;

(c) any security measures incorporated (whether by automated means or otherwise) into any equipment in

which the data is stored;

(d) any measures taken for ensuring the integrity, prudence and competence of persons having access to the

data; and

(e) any measures taken for ensuring the secure transmission of the data.

Cloud Computing

This information leaflet aims to advise organisations on the factors they should take into

account in considering engaging cloud computing. It explains the relevance of the Personal

Data (Privacy) Ordinance (the “Ordinance”) to cloud computing. It highlights the importance

for a data user to fully assess the benefits and risks of engaging cloud computing and

understand the implications for safeguarding personal data privacy.

1

See further details of this requirement in the leaflet “Outsourcing the Processing of Personal Data to Data Processors” issued by the Privacy

Commissioner for Personal Data (the “Privacy Commissioner”), available at

www.pcpd.org.hk/english/resources_centre/publications/files/

dataprocessors_e.pdf for details.

1 2 3 4 5 6  FlippingBook