How a complete privileged access management program can help organisations meet “Principle 4 - Security of Personal Data”

The Hong Kong Personal Data (Privacy) Ordinance has been in effect since 1996, but critical changes made in 2012 and 2018 drove a stronger focus to the regulation that affected, not only organisations in Hong Kong, but also contractors that supply services to those organisations.

The objective of the Personal Data (Privacy) Ordinance (Cap. 486) is to protect the privacy rights of a person in relation to personal data in Hong Kong. It’s comprised of 6 main principles that govern every aspect of the life cycle of a piece of personal data. Everyone who is responsible for handling data (Data User) should meet these six data protection principles:

  • Principle 1— Purpose and Manner of Collection of Personal Data
  • Principle 2—Accuracy and Duration of Retention of Personal Data
  • Principle 3—Use of Personal Data
  • Principle 4—Security of Personal Data
  • Principle 5—Information to Be Generally Available
  • Principle 6—Access to Personal Data

This white paper will focus on covering the specific elements of Principle 4, concerning the Security of Personal Data, and how a complete privileged access management (PAM) program can help organisations meet the criteria entailed in this Principle.