As the public awareness, regulatory need, and the technical standard regarding personal data privacy evolves, colleagues may find it challenging to comply with these requirements when developing new IT application systems or revamping existing ones.

Endorsed by University IT Governance Committee (ITGC) in Feb 2022, the IT Security Policy for Application Systems on Personal Data Handling aimed to provide clear principles and easy-to-follow procedures to colleagues to handle personal data via IT systems.

The Principles of the Policy are:

• To ensure personal data is only used as intended and within (legal) restrictions
• To apply appropriate security measures to protect personal data
• To provide good security practices against hacking and eavesdropping

In addition, the policy also includes the latest technical standard in various areas for IT application developers to follow:

• Data encryption at rest
• Data encryption in transit
• Server protection and security hardening for on-premises application systems
• Server protection and security hardening for public cloud application systems

Please visit the ITSC website for the full description of the policy.