PCPD News

私隱專員公署通訊

Issue no. 29

Experience Sharing for Privacy Management Programmes in Good Corporate Governance

An International Conference on Privacy Protection in Corporate Governance was organised on 18 February 2014. During the conference, speakers shared their views on the theory and practice of how to develop and maintain a sound privacy management programme (PMP). PCPD News recaps some of the highlights here.

Mr J Trevor Hughes

President and CEO, International Association of Privacy Professionals (IAPP), US

Mrs Elaine Chong (鍾王穎婷)

General Counsel, CLP Power Hong Kong Limited, Hong Kong

Presentation slides are available on the Conference webpage: www.pcpd.org.hk/privacyconference2014

The foundation of any effective privacy programme is privacy awareness and accountability. In an accountable organisation, good privacy programme management – with privacy knowledge and privacy skills – must be present in many different areas: human resources, finance, marketing, and so on. Professionals in these departments need to understand privacy issues so as to make good decisions every day when handling data. That is the definition of the new era of accountable privacy professionals. You may have the best lawyer and privacy officer, but if one person who makes a decision doesn’t understand privacy issues and risks, then the whole organisation is at risk. Therefore, many organisations train not only a good core privacy team about privacy issues, but also many other staff from different departments.

The development and implementation of a PMP can create a win-win situation for both the company and its customers. Respect for customers and fostering a “beyond compliance culture” have been the motivation for CLP to develop a comprehensive PMP. To establish an effective PMP, it is also important to establish two-way communication between the privacy team and front-line staff, and leverage technology tools for cyber security and data-loss prevention.

Conducting a data-impact assessment before putting out a new service or product can help ensure that the company uses the personal data involved fairly and effectively mitigates the potential privacy risks by, for example, using as little personal data as possible, and using encryption when transmitting data.

When implementing a PMP, strong leadership is essential. You have to be a doctor, calmly providing a remedy when an incident occurs, a ‘tiger mum’, enforcing privacy policy in the company, a detective, tracing all potential risks, and a passionate gardener, nurturing your creation on a daily basis so that the culture of respect for personal data in your organisation grows stronger and better. It is up to companies to distinguish which winning style they would like to use.