HK is one of the world’s most carrier-dense network hubs. Our Hong Kong colocation facilities connect customers into this rich industry ecosystem and provide them with direct interconnection to a wide range of enterprise, network and IT service providers. This is a crucial step for achieving their digital supply chain goals. Our customers leverage our global network of over 100 data centers to build and expand their networks in the region, while benefiting from a wide selection of carrier-neutral colocation services.
The collection of personal data is generally governed by the laws of Hong Kong, regardless of whether the data is processed inside or outside of Hong Kong. This applies even if the data cannot be used to identify specific individuals. However, there are certain exceptions to this general rule.
For example, the Hong Kong data protection law does not prohibit the collection of personal information from people who are attending a concert or other public event. This is because the law does not assume that a photograph taken at an event will be used to identify particular individuals. This principle can also be applied to CCTV recordings, logs of persons entering car parks and records of meetings that do not specifically identify individual speakers or participants.
In addition, the PDPO allows for the processing of personal data from Hong Kong residents outside of the territory if it is necessary to fulfil an agreement between the parties or comply with a legal obligation. This is known as extraterritorial application and is a significant exception to the general rule that personal data can only be collected within the territory.
There are many reasons why a person would need to collect personal information from a Hong Kong resident, such as providing an address for the delivery of goods or sending an email or text message. However, in most cases this is not permitted under the PDPO. It is important to understand the limitations of the PDPO when collecting personal information from Hong Kong residents, as it can be difficult to comply with these restrictions.
As a result, it is important to know what the PDPO does and does not cover in order to determine which laws govern personal data collection in Hong Kong. This will help businesses understand which data they must collect and how to legally process it.
In addition to the legal implications of the PDPO, there are also practical considerations that need to be taken into account when developing an information security plan. These include how to implement a system of controls and procedures for the collection, storage, and use of personal data. Fortunately, there are many tools available to help companies manage the complexity of the PDPO and protect their business operations. These tools include the development of an information security risk management strategy and a detailed privacy policy. By taking these steps, businesses can mitigate the risks of the PDPO and ensure they are compliant with local data protection law.