Achieving a Positive ROI Through Data Governance

In order to ensure that your data governance program delivers a positive return on investment (ROI), it is important that you create a clear vision and business case. This is essential for driving the people, technologies and processes that are needed to support your organization’s business goals for data.

A strong governance framework requires a combination of roles to support, sponsor, steward and operationalize data policies. The roles that should be in place include a data governance leader, data evangelists, business and IT subject matter experts, and data stewards. These specialized roles are critical to building an effective data governance framework that delivers a business ROI.

Identifying the Identifiable Personal Information

The identification of an identifiable natural person is a core requirement under data protection law. Generally, this involves the use of a number, name or other identifier that can be used to track a person over time and across different contexts. However, it can also include other factors that can be used to distinguish one person from another (such as location data, online identifiers, characteristics specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person).

When a data user transfers personal data outside Hong Kong, they have an obligation to fulfil a range of statutory obligations. These are primarily defined by the six data protection principles (DPPs) of the PDPO, including DPP1 (purpose and collection of personal data) and DPP3 (use of personal data). When a transfer of personal data is contemplated, the data user must review its PICS to determine whether a transfer to a class of persons not set out in the PICS would constitute a new purpose for which the consent of the data subject is required, or whether it might otherwise be in breach of DPP3.

To ensure that data exporters meet their obligations when transferring personal data outside Hong Kong, the Privacy Commissioner has published recommended model contractual clauses. These can be found in the form of separate agreements, schedules to the main commercial agreement or as contractual provisions within the main commercial agreement. The model clauses are designed to provide a high level of protection for personal data transferred out of Hong Kong, while remaining proportionate to the overall commercial arrangements.

In particular, the model clauses require that the data exporter identify and adopt supplementary measures to bring the level of protection in the transfered personal data up to Hong Kong standards. These might include technical measures such as encryption, anonymisation or pseudonymisation; or contractual measures such as audit, inspection and reporting, beach notification and compliance support and co-operation.

China Mobile offers several roaming SIM cards that enable you to bypass the Great Firewall and use your HK-based devices in mainland China. The cheapest option is their regular prepaid SIM for HK$ 80, which comes with a credit of HK$ 78 valid for 180 days and includes 8 GB of roaming data for HK and mainland China (their network is throttled to 128 kbps beyond that). It is worth noting that they charge a monthly admin fee of HK$ 2.