InfoCloud

Welcome to InfoCloud
|
Change Text Size: A A A
繁體
简体
|

Welcome to InfoCloud
|
Change Text Size: A A A
繁體
简体
|

Change Text Size: A A A
繁體
简体

Latest News

15 Dec 2017
Speech by Ms. Joyce Mok, Acting Deputy Government Chief Information Officer, at the "第六屆粵港雲計算大會暨第一屆粵港澳大灣區ICT大會" (Chinese only)
28 Sep 2017
Opening Keynote Address by Ir Allen Yeung, JP, Government Chief Information Officer, at the “CAHK Business Luncheon Series 2017 - FinTech Forum - Topic: Secured Cloud Unified Communications Enabled Financial Services On The Go
24 May 2017
Speech by Ir. Allen Yeung, JP, Government Chief Information Officer, at “Cloud Expo Asia 2017– Information Security Summit
24 May 2017
Speech by Ir. Allen Yeung, JP, Government Chief Information Officer, at “Cloud Expo Asia 2017”
16 Dec 2016
Speech by Ir. Allen Yeung, JP, Government Chief Information Officer, at the “5th Guangdong-Hong Kong Cloud Computing Conference” (Chinese only)
16 Dec 2016
Keynote Speech by Mr. Boer Chan, Chief Systems Manager at the "5th Guangdong-Hong Kong Cloud Computing Conference" (Chinese only)
18 May 2016
Speech by Mr Victor Lam, JP, Acting Government Chief Information Officer at "Cloud Expo Asia"
18 Dec 2015
Opening Speech by Mr. Gary Lai, Assistant Government Chief Information Officer (Industry Facilitation) at “The CCSIG Executive Cloud Forum 2015”
03 Dec 2015
An Overview of ISO/IEC 27000 family of Information Security Management System Standards (PDF) (Updated)
17 Oct 2015
Speech by Ir. Allen Yeung, Government Chief Information Officer, at the "Hong Kong/Mainland Internet Industry Exchange Dinner" (Chinese only)
21 Aug 2015
Speech by Mr. Gary Lai, Assistant Government Chief Information Officer (Industry Facilitation) at the Seminar of "Cloud Computing for SMEs" (Chinese only)
23 Jul 2015
Speech by Ir. Allen Yeung, Government Chief Information Officer, at the "DatacenterDynamics Conference Hong Kong 2015"
10 Jul 2015
Speech by Ir. Allen Yeung, Government Chief Information Officer, at the "Cloud Tech Forum"

Related Sites

YueGang portal of cloud computing and information resource

Home > Cloud Service Providers > Practices and Guidelines

How Does Security & Privacy Concern Cloud Service Providers?

In the cloud service business, protection of customer data and privacy is a critical function and has increasingly become a key determinant of business success. Cloud service providers that demonstrate an ability to protect the PII entrusted to them can gain the trust and confidence from their customers. Failure to do so can lead to an erosion of customer loyalty, negative publicity, loss of potential business and legal proceedings.

What Cloud Service Providers should be aware of?

Cloud service providers should take practicable steps to ensure PII entrusted to them remains at all times protected against unauthorised or accidental access, alteration, processing, erasure or other use. In many cases, protection of PII is similar to protection of other data and includes protecting the confidentiality, integrity, and availability of the information. A checklist recommending the best practices for protecting PII in cloud platforms is provided for reference by cloud service providers, based on their roles as data processors and data users respectively. The checklist is by no means exhaustive. Cloud service providers should always examine their own risk profile and implement the most appropriate security measures.

Practical Guide on PD(P)O

For more detailed guidelines in handling personal data, cloud service providers can make reference to the publication titled "A Practical Guide for IT Managers and Professionals on the Personal Data (Privacy) Ordinance"^[1] published by the Hong Kong Computer Society.

Introduction to the Checklist

Cloud computing brings changes to the role and responsibilities on data governance when the data processing facilities are no longer fully owned by the data user. This checklist focuses on protection of personal identifiable information (PII) when processing PII on a cloud platform.

Using a cloud computing platform and service does not transfer the data protection responsibility to a cloud service provider. When PII data is collected, the collector is in control of the lifecycle of the PII data and responsible for meeting the obligations defined in the Personal Data (Privacy) Ordinance.

Terminology

The terminology adopted in this checklist aligns with the Personal Data (Privacy) Ordinance.

Term	Definition	Example*
Data Subject	Refers to a living individual, whose personal data is being processed.	The credit card applicant is the data subject.
Data User	Refers to the entity which owns the data collected from the Data Subject. This entity is responsible for the protection of the collected data throughout its entire data lifecycle.	The credit card issuing bank is the data user.
Data Processor	Refers to the entity which provides services or products to Data User when, collecting, processing or storing PII.	The data centre operator selected by the card issuing bank is the data processor.

* Using credit card application process as an example

^[1] Refer http://www.hkcs.org.hk/en_hk/home/publication/PDPO/ on the guide "A Practical Guide for IT Managers and Professionals on the Personal Data (Privacy) Ordinance" published by Hong Kong Computer Society