Gold Certificate awarded to CityU for protecting personal data

Donna Wong

Share this article 

Gold Certificate of Privacy-Friendly Awards 2021
Ms Ada Chung Lai-ling, Privacy Commissioner for Personal Data (left), presents the “Privacy-Friendly” Gold Certificate to Mr Sunny Lee Wai-kwong, Vice-President (Administration) and Data Protection Officer at CityU for recognising the University’s accomplishments in data privacy protection.


Exceptional efforts put into protecting privacy relating to personal data at City University of Hong Kong (CityU) have been recognised in the local community.

CityU has been awarded the Privacy-Friendly Gold Certificate in the inaugural Privacy-Friendly Awards 2021 organised by the Office of the Privacy Commissioner for Personal Data. An online presentation ceremony on 4 March announced the results.

Mr Sunny Lee Wai-kwong, Vice-President (Administration) and Data Protection Officer at CityU, congratulated staff on this recognition.

“CityU treats data privacy with extreme seriousness and care. The University has in place a comprehensive personal data protection programme comprising education and training, policies and procedures, risk mitigation and management, and technology infrastructure. We recognise that data protection is a never-ending chase, and as such, we continue to commit resources and implement continuous improvements to combat new challenges,” Mr Lee said.

“In particular, we emphasise educating students and colleagues on daily and remote data privacy practices as well as tips to ensure a culture for respect for privacy among the University community and to avoid data privacy risks issues,” he added.

The awards acknowledge the effort that enterprises, government departments as well as public and private organisations invested in protecting personal data privacy.

CityU has received this highest level of recognition as a result of the University’s accomplishments in data privacy protection. These include having a data protection officer; discussion of matters relating to personal data privacy at the highest decision-making level; stating publicly the maximum retention period of some kinds of personal data held; having a data security breach notification mechanism; and training or education for staff on personal data privacy protection.


Contact Information

Communications and Public Relations Office

Back to top