The Internet of Things creates enormous amounts of data, and new sources are emerging daily. These sources vary from traditional databases to sensor-based technologies like drones, railroad freight vehicles and trucks that have sensors to monitor speed, location, fuel consumption and more. Enormous amounts of this data must be gathered, stored and analysed. Some companies create huge repositories called data lakes to hold this data. The best way to handle these enormous amounts of information is by using a data governance program. This will involve many people, including employees and customers. Many will have strong opinions, and it’s important to organize the process well. One of the best ways to do that is by using a responsibility assignment matrix, such as RACI (responsible, accountable, consulted and informed). This will help ensure that people provide input and get approval at the right time and that everyone understands their individual responsibilities.
Padraig Walsh from the data privacy practice group at Tanner De Witt explains the key points to remember when managing personal data transfers. Whether they’re going from Hong Kong to elsewhere or across business entities, understanding the law around these transfers is vital for efficient compliance and minimised risk.
Under current statutory and common law in the Hong Kong SAR, only personal data is covered by the Data Protection Ordinance. Article 14 of the Hong Kong Bill of Rights stipulates that no person shall be subjected to arbitrary interference with his privacy in relation to his family, home and correspondence or unlawful attacks on his honour and reputation. It is therefore critical for organisations to take into account the extra-territorial application of this legislation when managing personal data transfers. Using a contract, contractual clauses or other means, data users must make sure that personal data is protected from unauthorised access, processing, erasure, loss or use, both within and outside of Hong Kong.