Despite the wide-spread use of data, many organisations still struggle with implementing a successful data governance program. Getting the right people and technologies in place to support your data governance program is crucial. A vision and business case is also needed to define your strategic objectives and articulate the specific opportunities that will be unlocked by a governance program.
Earlier this year, Google, Facebook and Twitter said they would stop handling government requests for user information in Hong Kong as a result of new legislation to combat “doxxing”, or the malicious publishing of private or identifying data. The companies had previously complied with hundreds of requests in the year prior to the law’s enactment. The new law aims to criminalise doxxing and empower the city’s privacy watchdog to request information from any company, even overseas, to investigate doxxing. The move has prompted an industry group, which includes Google, to write a letter on behalf of its members to the Hong Kong government, warning that it may have to pull investment or services from the city if it proceeds with the new law.
Aside from a clear strategy, data governance programs must have the right people in place to ensure success. The best way to ensure your team has the skills and capabilities to implement a robust governance program is to partner with a trusted technology vendor that can help you achieve your goals. Tech Data Distribution (Hong Kong) (“Tech Data HK”), the leading global distributor and solutions aggregator for IT ecosystems, has entered a strategic partnership with Allied Telesis, an international provider of network infrastructure solutions and a leader in Software-Defined Networking (SDN).
The PDPO requires data users to have appropriate policies, procedures and controls in place to protect personal data from unauthorised access, processing, erasure, loss or theft. It also stipulates that data users must notify the PDPO of any breaches or incidents that affect the protection of personal data within 24 hours. This includes where the breach is deemed to have a “substantial impact” on the data subject, such as an identity fraud or other serious personal harm.