PCPD News (Newsletter of the Office of the Privacy Commissioner for Personal Data) • Issue no. 29
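Mr Allan Chiang hopes that the organisations that have pledged to implement a PMP
will fulfil their responsibilities and set a good example for other data users.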
Over the year, the PCPD has been
working with the HKSAR Government,
the Hong Kong Federation of Insurers,
the Communications Association
of Hong Kong, and the Hong Kong
Association of Banks to advocate the
implementation of PMPs in the sectors
concerned. As at 18 February 2014,
the following organisations have
pledged to implement PMP: the HKSAR
Government (including all bureaux and
departments), 25 insurance companies,
nine telecommunications companies and
five companies from other sectors. The
list of pledging organisations is available
at www.pcpd.org.hk/pmp.

Although the Hong Kong Association of Banks
did not join the pledge, it has indicated to
the PCPD that the banking industry supports
the voluntary PMP and that individual banks
will take necessary steps, having regard to
their own privacy protection frameworks, to
implement the PMP principles.
What is a PMP?
A PMP is not a legal requirement provided
in the Personal Data (Privacy) Ordinance
(the “Ordinance”), but an interim
substitute for the Data User Return
Scheme (“DURS”) (see backgrounder on
page 4).
A PMP serves as a strategic framework
to assist an organisation in complying
with legal requirements of the
Ordinance, as well as privacy risk
management. A PMP should be a
robust privacy infrastructure that:–
• has top management commitment and
is integrated into the organisation’s
governance structure;
• treats privacy and data protection as a
multi-disciplinary issue, with a special
focus on respect for customer or client
needs, wants, rights and expectations;
• establishes policies, procedures and
practices giving effect to the legal
requirements under the Ordinance;
• provides for appropriate safeguards
based on privacy risk assessment;
• ensures that privacy is built into all
initiatives, programmes and services;
• includes contingency plans for responding
to breaches and incidents;
• includes internal oversight and review
mechanisms;
• is kept current and relevant, and
remains practical and effective in a
rapidly changing privacy eco-system;
and
• is appropriately resourced and
managed by dedicated staff.

The HKSAR Government and 39 organisations from the insurance, telecommunications and other sectors pledged to implement PMP at the Pledge Ceremony held on
18 February 2014.
A PMP Can Create a Competitive Edge
Speaking at the PMP pledge ceremony,
the Privacy Commissioner for Personal
Data, Mr Allan Chiang, remarked, “Our
regulatory experience has shown time
and again that privacy and data protection
cannot be managed effectively if they
are treated merely as a legal compliance
issue, with little or no involvement of top
management. A more effective response
in this era of Big Data and rising public
expectations for privacy protection is
to be proactive and preventative, rather
than reactive and remedial. Organisations
should embrace personal data privacy
protection as part of their corporate
governance responsibilities and apply
it as a top-down business imperative
throughout the organisation. A strategic
shift from compliance to accountability is
required.”
“To achieve accountability, it is of
paramount importance for organisations
to adopt a holistic and encompassing
PMP that ensures robust privacy policies
and procedures are in place and
implemented for all business practices,