Hong Kong Research Study finds Hong Kong organizations have made significant strides in embracing data protection as part of their corporate governance responsibilities, shifting from compliance to accountability.
TORONTO, CANADA and HONG KONG: 10 June 2015 5:30 PM HKT - Nymity announced today the results of the Hong Kong Accountability Benchmarking Micro-Study (“Accountability Benchmarking Micro-Study”) at an interactive workshop conducted at the Office of the Privacy Commissioner for Personal Data in Hong Kong (“PCPD”). The collaboration with Nymity for the Accountability Benchmarking Micro-Study is part of the PCPD’s ongoing initiative to promote an accountability approach to privacy through the adoption of the Privacy Management Programme (“PMP”) in Hong Kong.
This Study is helpful in understanding the current status of how privacy is being managed in Hong Kong, especially relevant with its comparison of each area of the “Privacy Management Programme: A Best Practice Guide,” with the privacy management activities identified in the Nymity Privacy Management Accountability Framework™. It is gratifying to note that many organisations are taking privacy seriously and the subject is now on the agenda of their top management. I hope more organisations will share my belief that privacy and data protection is a new competitive differentiator that wins customer trust and loyalty" said Mr. Allan Chiang, Privacy Commissioner for Personal Data in Hong Kong (PCPD).
The Accountability Benchmarking Micro-Study highlights the current status of privacy management in participating organizations in relation to the structure and outline of the PCPD’s Best Practice Guide. Key findings of the benchmarking analysis report include:
- As a priority, participating organizations have implemented activities that focus on legal compliance requirements and a specific Code of Practice (HR Management) issued by the PCPD.
- Participating organizations have invested heavily in privacy and data protection measures related to technical and security measures, records retention, data privacy notices and policies, requirements for processors, and maintaining and responding to access requests.
- Participating organizations indicated their endeavour to further develop the privacy management programme in the following areas: training and awareness; managing third-party risk; access requests, inquiries and complaints; expanding PIA programs and implementing privacy by design procedures; and, testing incident and breach protocols.
In some areas of privacy programme management, the Accountability Benchmarking Micro-Study also compares performance of organizations in Hong Kong with other large multinational organizations. Notably, a higher percentage of organizations in Hong Kong implement personal data inventory and data classification compared with other global organizations. (Source: “Nymity Privacy Management Program Benchmarking: Measuring Accountability Report").
It was my great pleasure to work with the PCPD on this benchmarking effort and to lend support to the PCPD’s initiative to promote the adoption of PMP by Hong Kong organizations to advance an accountability approach to privacy and data protection. I look forward to further micro-studies with other organizations, industry associations, or Regulators in this area,” said Teresa Troester-Falk, Chief Global Privacy Strategist, Nymity Inc., commenting on the collaboration with the PCPD on this study.
Participation in the Study was voluntary and invited organizations included members of the PCPD’s Data Protection Officers’ Club and organisations in Hong Kong that made a pledge to implement the PMP outlined in the “Privacy Management Programme: A Best Practice Guide”. To participate in the Study, organizations in Hong Kong provided information on the status of their organization’s implementation of a wide range of privacy management activities. The underlying structure for the Accountability Benchmarking Micro-Study is the Nymity Privacy Management Accountability Framework™, an ongoing Nymity research project to identify and scope all privacy management activities around the world. The Nymity Privacy Management Accountability Framework is industry and jurisdiction neutral, providing a structure for mapping to any law or Regulator accountability framework. The Nymity Privacy Management Accountability Framework is freely available for organizations and may be licensed free of charge by Privacy and Data Protection Regulators.
Nymity invites organizations, associations, and Regulators to collaborate on privacy management status research studies. To learn more about conducting an accountability benchmarking micro-study, please visit www.nymity.com/accountabilitymicrostudies or contact us at email@example.com.
A summary and full report is available at www.nymity.com/accountabilitymicrostudies.
View the full press release here.
The Office of the Privacy Commissioner for Personal Data in Hong Kong (PCPD) is an independent statutory body set up to oversee the enforcement of the Personal Data (Privacy) Ordinance (Cap. 486) which came into force on 20th December, 1996. In February 2014, the PCPD published the “Privacy Management Programme: A Best Practice Guide”. To learn more about what the PCPD has done to promote the Privacy Management Programme, please read: http://www.pcpd.org.hk/pmp. Enquiries may be directed to firstname.lastname@example.org.