Data hk is the aggregation and interpretation of data for the purposes of decision-making. It is commonly used in fields such as econometrics, epidemiology, social science and the arts. The information may be displayed in tabular format or presented graphically on charts and graphs. The data may also be sorted and analysed to find trends, patterns and correlations. It can then be used to create new models and make predictions. It is also important for businesses as it enables them to measure the performance of their products, services or processes.
Data are commonly collected in spreadsheets, databases and other software programs. These programs are often developed by third parties and sold for use by organisations. However, many organisations have their own internal systems and tools for collecting and analysing data. It is important for organisations to ensure that their data collection and analysis practices are compliant with the PDPO.
The first step in this process is to determine whether the data is personal data. Personal data is defined in the PDPO as information that can identify a living individual. It includes information such as the person’s name; identification number; location data; online identifier; and factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. If the data does not meet this definition, then obligations under the PDPO in respect of the transfer are not applicable.
Another consideration is the jurisdictional scope of the PDPO. Unlike some other data privacy regimes, the PDPO does not contain any express provisions conferring extra-territorial application. Instead, the PDPO applies where a data user has operations controlling the collection, holding, processing or use of personal data in, or from, Hong Kong. This test is more stringent than the “controller” test in the GDPR.
Once the data is collected, it must be protected from unauthorised access, processing, erasure or loss, and it should not be retained for longer than necessary for the purpose for which it was collected. Data users are also obliged to notify the PCPD of any breaches of these requirements within 24 hours. The PCPD will investigate and prosecute where appropriate.
Finally, data users must inform the data subject of the purposes for which their personal data is collected and of the classes of persons to whom it may be transferred. This is usually accomplished through the provision of a PICS. It is also important to note that, as transfer is a form of use, the data user must obtain the voluntary and express consent of the data subject before transferring their personal data for a new purpose that was not set out in the original PICS.
