Information is at the core of digital economies, making obtaining it essential for meeting regulatory requirements, operating efficiently and making sound business decisions. Therefore, effective data management must be implemented by organizations of any size or industry in order to stay compliant and meet statutory regulations while still safeguarding security and privacy requirements for their data. Managing information effectively has never been more valuable or more complex; yet its value only grows more valuable every day.

As our world becomes more digitalized, the need for secure data centres has never been greater. Hong Kong boasts world-class infrastructure, network providers and interconnection options that make it the perfect location. Furthermore, government regulations offer incentives for investing in the territory.

In a press release issued by HKPAG, they announced they have entered into an MOU with China Association of Communications (CAC) to facilitate data flows between Hong Kong and mainland. This agreement will foster digital economy development by improving data use across borders. Furthermore, plans were also laid out to create a “data trust framework” to safeguard against breaches while encouraging best practices within this sector.

This agreement will benefit both parties by creating a comprehensive legal framework for the collection, processing and use of cross-border data. This framework will facilitate innovation, encourage investment and strengthen economic ties between both jurisdictions. Furthermore, it will advance Hong Kong’s reputation as a data-driven economy by streamlining data flow between regions.

Personal data refers to any information that can be used to uniquely identify an individual, including his/her name; identification number; contact details; location data and identifying factors specific to physical, physiological, genetic, mental, economic cultural and social identity of that individual. Under Hong Kong law’s Personal Data Protection Ordinance (“PDPO”) a data user must explicitly inform any data subject about its intended uses and classes of persons to whom his data will be transferred upon collecting his personal information.

The PDPO requires data users to take reasonable measures, either contractual or other means, to protect personal data against unauthorised or accidental access, processing, erasure, loss or use and is kept no longer than necessary for its collection purpose. If a data user hires a processor as an agent for processing operations outside Hong Kong then any breaches by that processor would fall within their liability and would be accountable to data subject as any liabilities accrue. Taking such steps ensures they can perform their obligations under PDPO while understanding any associated risks when processing personal data outside Hong Kong – something data users must consider carefully when outsourcing data processing operations outside Hong Kong.