What is PMP?

Privacy and data protection cannot be managed effectively if they are merely treated as a legal compliance issue. Instead, organisational data users should embrace personal data privacy protection as part of their corporate governance responsibilities and apply them as a business imperative throughout the organisation, covering business practices, operational processes, product and service design, physical architectures and networked infrastructure.

To this end, the formulation and maintenance of a comprehensive Privacy Management Programme (PMP) is of paramount importance. PMP should be a robust privacy infrastructure that:-

• has top management commitment and is integrated into the organisation's governance structure;
• establishes policies and procedures giving effect to the legal requirements under the Personal Data (Privacy) Ordinance;
• provides for appropriate safeguards based on privacy risk assessment;
• includes plans for responding to breach and incident; and
• incorporates internal oversight and review mechanisms.

Apart from ensuring legal compliance, PMP demonstrates the organisation's commitment to good corporate governance and is conducive to building trustful relationships with customers, employees, shareholders and regulators.