The Hong Kong Personal Data (Privacy) Ordinance (“PDPO”) mandates that any person who obtains personal data of another must only use it with their consent or that of that individual’s respective. While disclosure for law enforcement purposes may sometimes be necessary, PDPO provides grounds upon which data users can justify disclosing personal information for other uses.
One of the primary responsibilities of government and its agencies in Hong Kong is protecting others’ interests, which includes preventing serious crime and protecting public order and safety. Protecting national security and foreign affairs requires maintaining Hong Kong’s economic integrity while upholding national health and security; simultaneously protecting reputation of both government agencies as well as any misuse or collection of personal data beyond PDPO guidelines is another responsibility that falls on its shoulders.
An alternative method of collecting data about populations is through census enumerations or census. Here, governments collect and evaluate demographic information gleaned both through official sources and private organizations, so as to gain a better understanding of who their governed are and their needs for education, healthcare, economic development opportunities and social well-being.
Thirdly, personal data should be disclosed in response to requests from the public or official bodies. This can include requests under the PDPO as well as inquiries by law enforcement agencies or regulatory bodies regarding complaints, investigations or inquiries into suspected violations. Once obtained this data can be used in various ways to enhance public services and minimize fraud.
Personal data disclosure should always serve to protect an individual’s rights and interests, such as medical records. Such sensitive information can be collected for various reasons including improving patient care and safety, monitoring trends in health and conducting research; additionally it may help determine eligibility for certain social welfare programs.
An effective data governance program begins by creating a team consisting of both business and IT subject matter experts who serve as data stewards, providing communication channels between departments. Experienced business analysts make outstanding IT stewards, while data and enterprise architects serve as essential IT stewards. Team leaders often serve as responsible parties for overseeing the tasks of other stewards, initiating regular audits and metrics reviews, as well as serving as primary points of escalation to steering committee or executive sponsor. It is recommended that they are experienced project managers with expertise in leading teams. Implementing a Responsibility Assignment Matrix such as “RACI”, which stands for Responsible, Accountable, Consulted and Informed can help team members manage relationships more effectively while simultaneously informing each of their specific roles and how best to fulfill them.