Whether you’re building a new governance program or assessing the current state of your data management, it’s important to have a clear vision and business case. The vision spells out your broad strategic objective, while the business case articulates the specific business opportunity your data governance framework will address. Both will help you make the case for funding your data governance efforts and delivering on your expected return.
The PDPO defines personal data as information that can identify a natural person, directly or indirectly. The definition is wide and includes, among other things, names; identification numbers; location data; online identifiers; and factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. While some jurisdictions have extended the scope of this definition beyond a direct link to a person, this is not the case in Hong Kong.
In addition, the PDPO requires data users to notify a data subject of certain details prior to collecting their personal information. This notification is normally a personal information collection statement, which specifies the purpose for which data is collected and the classes of persons to whom data will be disclosed. The PDPO does not explicitly require the provision of this notice in writing, although it is good practice to do so.
While most data governance programs start with a vision and business case, the success of those initiatives hinges on having the right people in place. The team should include a mix of business and IT subject matter experts who can translate how your data governance framework affects your organization’s decisions, processes and interactions. Business stewards are the bridges between business and IT and are often senior level business analysts with strong IT backgrounds. IT stewards are usually senior data or enterprise architects with deep technical knowledge of your business systems.
You also need a data governance leader to coordinate tasks for the stewards, drive ongoing data audits and metrics that assess your data governance program’s success and ROI, and be the primary point of escalation to your executive sponsor and steering committee. This individual may also serve as an evangelist for your governance effort and help build support from key stakeholders in your organization. Lastly, you need to have an IT data governance team to implement your policy framework and ensure the successful integration of your technology solutions into your governance program.