Data Governance in Hong Kong
Data hk is a decentralized data architecture that addresses key modernization objectives in many organizations. It moves away from centralized, monolithic data architectures, such as the traditional enterprise data lake, toward a unified, self-service data infrastructure to deliver business value. Its principles, practices and technologies are designed to solve some of the most pressing unaddressed, data-driven business initiatives, such as digital transformation, analytics, and artificial intelligence (AI).
Hong Kong’s Personal Data Protection Act (PDPO) establishes data subject rights and specific obligations to data controllers through six data protection principles. Unlike some other Asian countries, it does not explicitly include extra-territorial application, but there are proposals to amend it to do so in the future.
A well-designed governance program begins with a clear vision and business case. The vision spells out the broad strategic objective, while the business case articulates a specific business opportunity. In addition, the business case should specify actual people (roles), technologies and processes that will be implemented in your governance program.
Your team of governance leaders should be a mix of business and IT subject matter experts. Business stewards are the bridge between business processes and decisions, and IT stewards understand the technology. Experienced business analysts make strong business stewards, while data and enterprise architects and senior business systems analysts are good IT stewards. A governance leader coordinates tasks for stewards and helps them communicate the decisions they’ve made to others. This person also drives ongoing data audits and metrics that assess program success and ROI.
US tech firms — including Google, Apple and Twitter — announced within a week of the national security law’s enactment that they had paused handling requests for user information from the Hong Kong authorities while reviewing the new law. Facebook, however, said it would not comply with any request for data unless the law is amended to clarify that emergency disclosure requests involving credible threats to life can be processed via the company’s global policy.
Moreover, the proposed amendments will allow authorities to seek information from anyone to assist investigations into doxxing – disclosing private information of individuals without their consent, or “doxxing.” It is likely that these new powers will be extended to foreign companies that operate in Hong Kong, and may even impact employees who work for such companies based overseas.