With heightened public and media sensitivity and scrutiny on privacy, prompted by high profile intrusion incidents in recent years in Hong Kong and worldwide, the need to protect personal data privacy is one of the greatest challenges facing businesses and public organizations today. This is especially true in this era of ‘big data’ when the pervasive use of new information and communication technologies (“ICT”) has enabled the collection and use of vast amounts of personal data with phenomenal ease and efficiency, and generated immense opportunities for business innovations and government initiatives.

Recognizing the limitations of regulation and policy, Privacy by Design (“PbD”) provides a robust and comprehensive approach to safeguard privacy and addresses the ever-growing and systemic effects of ICT and large-scale networked infrastructure. It promotes embedding privacy as the default into the design, operation and management of ICT and systems, across the entire information life cycle. It seeks to make privacy integral to organizational priorities, project objectives and work standards. It is a holistic concept that may be applied throughout an organization, covering business practices, operational processes, product and service design, physical architectures and networked infrastructure.

The Data Protection Principles in Schedule 1 of the Personal Data (Privacy) Ordinance are affirmed by PbD. Extending beyond these principles, PbD attempts to seek the highest global standard possible and represents a significant raising of the bar in the area of privacy protection.

More information about PbD can be found at https://www.ipc.on.ca/ and https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf.