Skip to content

Professional Workshops

Professional Workshops

Professional Workshop on Data Ethics

Big data analytics, artificial intelligence and machine learning are increasingly applied to various business operations to improve operational efficiency, but at the same time different privacy issues also arise from these applications.

Data ethics is the world trend of responsible management of personal data. Organisations that amass and derive benefits from personal data should ditch their mindset of conducting their operations to meet the minimum regulatory requirements only. They should also be held to a higher ethical standard that meets the stakeholders’ expectations by doing what they should do.

This workshop aims to help organisations understand the data ethics stewardship management value and models, and how to implement data ethics in their daily operations. Ethical use of personal data can improve business reputation and enhance stakeholders’ confidence, thus enabling organisations to fully reap the benefits of the data-driven economy.

Who should attend : Data protection officers, compliance professionals, company secretaries, solicitors, executives from business and public sectors, and those who are interested in keeping abreast of the data protection trend and best practices

Course outline:

- Why data ethics are important in the digital era

- Ethical Accountability Framework

  • Data stewardship values
  • Guiding principles and organisational policies and procedures
  • When and how to conduct an Ethical Data Impact Assessment
  • How to assess the effectiveness of an organisation’s data stewardship programme – the Process Oversight Model

- Global development on data ethics

>> Click here to enrol

Data Protection in Property Management Practices

Participants will learn how to comply with the requirements under the Personal Data (Privacy) Ordinance (“the Ordinance”) when engaging in property management practices that involve the collection and use of personal data from flat owners, residents, visitors, car park users and others. Key features of the “Guidance Note on Property Management Practices” will be highlighted.

Property management officers face many data protection compliance challenges in their daily operation as many aspects of their work involve the collection and use of personal data of flat owners, residents, car park users and others. This workshop takes a holistic approach to the handling of personal data in property management and provides practical steps to address the challenges.

Who should attend : Property Management Personnel, Data Protection Officers, Compliance Officers, Solicitors, members of Owner’s Corporation.

Course outline:

  • Understanding the “Guidance on Property Management Practices”
  • Legal requirements for the collection of personal data from flat owners, residents, visitors, car park users and others and how to ensure their accuracy and security
  • Collection of personal data in processing building entry pass or smart card
  • How to set out the retention period of personal data collected from flat owners, residents, visitors, car park users and others
  • What are the requirements for disclosing personal data to third parties, e.g. posting of minutes of meeting and notices that contain personal data
  • What are the privacy issues relating to public surveillance
  • Use of ICT for property management and the relevant data protection issues
  • Data Ethics

>> Click here to enrol

Data Protection in Human Resource Management

This workshop is designed for human resource practitioners learning how to meet the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance") in handling large amount of employees’ personal data in the different phases of employment process.

Human resource practitioners handle a large amount of employee data in the course of their work. The collection, use and retention of employee data carry significant legal responsibilities and risks. It is therefore a great challenge for human resource practitioners to meet the requirements under the Ordinance and the Code of Practice on Human Resource Management. Participants will learn the good practices in handling personal data in each phase of the employment process.

Who should attend : Human Resource Officers, Data Protection Officers, Compliance Officers, Solicitors, Administration Managers, Recruitment Agents.

Course outline:

  • What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security in each phase of the employment process
  • What are the requirements of the Code of Practice on Human Resource Management
  • Collection of personal data in recruitment process e.g. medical data, reference data
  • What are the legal requirements in transferring personal data to third parties
  • Collection of biometrics data
  • How to handle a Data Access Request by job applicants or employees
  • What are the requirements for engaging in employee monitoring activities
  • How to tackle employees’ personal data privacy issues arising from COVID-19
  • Data Ethics

>> Click here to enrol

Data Protection in Direct Marketing Activities

This workshop focuses on the collection and use of personal data for direct marketing purposes. You will learn how to comply with the requirements under the Personal Data (Privacy) Ordinance (“the Ordinance”) and put this into context with your responsibilities in the company.

Direct marketing is widely adopted by different types of organisations in promoting their products and services. In Hong Kong, the use of personal data in direct marketing activities is governed by the Ordinance. Since the new direct marketing regime took effect from 1 April 2013, some companies were convicted for failing to comply with the requirements which present risks to a company’s value and consumer trust.

This workshop provides a practical approach to the compliance of the requirements under the Ordinance in direct marketing activities and provides hands-on solutions to problems that marketers face in devising direct marketing activities. Conviction cases will also be shared with the participants.

Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Administration Managers, IT Managers, Solicitors (in house or private practice), Database Managers, Marketing professionals

Course outline:
  • Statutory requirements for collecting and using personal data
  • Statutory requirements for carrying out direct marketing activities
  • The handling of an "opt-out" request
  • Practical tips on handling Direct Marketing related queries
  • Conviction cases

>> Click here to enrol

Data Protection and Data Access Request

This workshop provides practical guidance on issues relating to compliance with a Data Access Request ("DAR") raised by customers or employees.

There are stringent requirements for compliance with a DAR under the Personal Data (Privacy) Ordinance. Dealing properly and effectively with a DAR is a challenge for many organisations. This workshop will examine in details those requirements and offer guidance on the handling of a DAR.

Participants may already be dealing with DARs and want to review their handling or may never have dealt with DARs and want to develop processes. They will learn how to deal with DAR and avoid pitfalls. There will also be plenty of opportunity for questions during the workshop.

Who should attend: Solicitors, Data Protection Officers, Administration Managers, Human Resource Officers, Customer Services Personnel.

Course outline:

  • What is a DAR
  • What is subject to access under a DAR
  • Who may make a DAR
  • How to make a DAR
  • What should a data user do in order to comply with a DAR
  • Charges for a DAR
  • Grounds for refusing to comply with a DAR
  • Steps to take in refusing to comply with a DAR
  • Protection for third party data when complying with a DAR
  • Consequences of breach of the DAR provisions
  • Data Ethics

>> Click here to enrol

Data Protection in Banking/Financial Services

This workshop examines the personal data privacy issues facing banking and financial personnel in their daily operation and provides practical steps that can be taken to deal with the issues effectively.

This workshop is designed for banking and financial personnel who wish to acquire knowledge on the requirements under the Personal Data (Privacy) Ordinance (the PDPO) in different aspects of the banking and financial services and the practical ways to deal with them effectively in their daily operation.

Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Solicitors, Advisers and other personnel undertaking work relating to the banking/financial industry.

Course outline:

  • An overview of the relevant requirements under the PDPO 
  • Privacy and Ethical Implications of New Technologies
    • Collection and use of customers’ biometric data
    • FinTech and personal data privacy
    • Privacy Management Programme and Data Ethics
  • How to comply with the requirements of the PDPO in daily operations of the banking industry
    • collection and use of customers’ personal data
    • handling of customers’ personal data in debt collection
    • handling of customers’ data access requests
    • use of customers’ personal data for direct marketing
    • outsourcing the processing of personal data
  • Code of Practice on Consumer Credit Data
  • Recent topical issues on data privacy

>> Click here to enrol

Data Protection in Insurance

This Workshop is designed for insurance practitioners who wish to acquire the knowledge to protect customers’ personal data in providing insurance services to the public. The course will highlight the key features of "Guidance on the Proper Handling of Customers’ Personal Data for the Insurance Industry" and privacy issues specific to insurance institutions and insurance practitioners.

Insurance practitioners handle a large amount of customers’ personal data in their daily work e.g. name, telephone number, address, identity card number, health record, information contained in insurance application forms and insurance policies etc. It is essential that they understand and comply with the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance") which apply to them in their capacities as the data users in the handling of personal data.

This workshop examines core concepts of practical data protection compliance illustrated by specific scenarios to highlight potential problems and their resolution. Participants will also engage in discussion of real cases relating to the handling of personal data in different aspects of insurance work.

Who should attend: Insurance Practitioners, Data Protection Officers, Compliance Officers, Solicitors, Advisers and other personnel undertaking work relating to the  Insurance Industry.

Course outline:

  • An overview of the data protection provisions
  • Recent topical issues on data privacy
  • Liabilities of insurance companies and insurance practitioners
  • Useful pointers on Personal Information Collection Statement
  • Collection of customers’ medical data
  • Collection of Hong Kong identity card number and copy
  • Engagement of private investigators in insurance claims
  • Retention of customers’ personal data
  • Use of customers’ data for internal training
  • Security of customers’ personal data handled by staff and agents
  • Handling of data access requests from customers
  • Data Ethics

>> Click here to enrol

Personal Data Privacy Management Programme

Privacy and personal data protection cannot be managed effectively if they are merely treated as a legal compliance issue. Instead, organisational data users should embrace personal data privacy protection as part of their corporate governance responsibilities and apply them as a business imperative throughout the organisation.  To this end, the formulation and maintenance of a comprehensive Personal Data Privacy Management Programme (PMP) is of paramount importance.

This course will highlight the key features of “Privacy Management Programme – A Best Practice Guide”.  Participants will be able to understand the baseline fundamentals and components of a PMP and how to maintain and improve it on an ongoing basis.

Who should attend: Data protection officers, compliance professionals, company secretaries, solicitors, executives from business and public sectors, and those who are interested in keeping abreast of the data protection trend and best practices.

Course outline:
  • What is PMP
  • Baseline Fundamentals of a PMP
  • Appointment of Data Protection Officer
  • Ongoing Assessment and Revision
  • How to develop your own PMP
  • Data Ethics

>> Click here to enrol

Practical Workshop on Data Protection Law

This workshop is aimed at anyone who wishes to acquire a solid grounding in the application and interpretation of the provisions of the Personal Data (Privacy) Ordinance (“the Ordinance”).
 
With the increase in public awareness on personal data protection, it becomes an important aspect for organisations to gain customers’ trust and confidence.   This workshop (to be conducted by experienced lawyers from the Office of the Privacy Commissioner for Personal Data) is for people who are charged with the responsibility in advising on compliance with the Ordinance to acquire solid knowledge through interactive participation. 

Who should attend: Solicitors, Barristers, In-house Legal Counsels, Data Protection Officers, Compliance Officers

Course outline:
  • Examining the application of the six data protection principles with special highlights on recent administrative appeals board and court cases.
  • What are the local and global trends in protecting data privacy rights?
  • Problems frequently encountered by organisations dealing with personal data, including:-
    • What are the points to consider when drafting a personal information collection statement?
    • How to respond to requests by law enforcement agencies for disclosure of employees' or customers’ personal data?
    • What are the key aspects to be included in a privacy policy statement?
    • What are the special requirements in complying with or refusing to comply with a data access/correction request?
    • How to comply with the direct marketing requirements in a joint marketing campaign?
    • What are the steps to take when outsourcing the processing of personal data to agents located in or outside Hong Kong?
    • How to determine whether an exemption provision applies to a particular situation, including requests for personal data possessed by organisational data users 
  • How to strike the right balance between protecting personal data of individuals and safeguarding the organisations’ best interests?
  • Consequences of breach of the Ordinance and liabilities of key officers
  • Sharing of practical experiences in applying the rationale behind legal and quasi-legal decisions, coupled with illustrations from real-life examples.

>> Click here to enrol

Recent Court and Administrative Appeals Board Decisions

This workshop focuses on specific topics in data privacy law raised in recent decisions of the Hong Kong Court and Administrative Appeals Board (the “Board”), and aims at providing in-depth discussion and updated knowledge to legal practitioners and compliance officers on the interpretation of commonly used provisions of the Personal Data (Privacy) Ordinance (“the Ordinance”).  This intermediate level course is for participants who would like to gain more insights on the legal arguments of court decisions and the Board cases.
 
The Board is the statutory body that hears and determines appeals against the decisions of the Privacy Commissioner for Personal Data (“the Commissioner”) by a complainant or the relevant data user complained of.  The High Court of Hong Kong deals with magistracy appeals against criminal offences committed under the Ordinance.  This workshop (to be conducted by experienced lawyers from the office of the Commissioner) will examine some recent decisions which serve as legal authorities and practical examples in solving problems frequently encountered in compliance work.
 
Who should attend: Solicitors, Barristers, In-house Lawyers, Data Protection Officers, Compliance Officers, Company Secretaries and Administration Managers.
 
Course outline:
  • Thorough understanding of major data privacy issues raised in recent decisions of the Hong Kong Court and the Administrative Appeals Board, including:
    • An appeal case of a Legislative Council member
      AAB 8 of 2018 
      • Whether it was excessive to collect the names and whereabouts of the Legco members;
      • Whether the updated information of the whereabouts of the LegCo members in the LegCo Complex would be important for the Government in discharging its constitutional duty under Article 62 of the Basic Law for matters transacted in the LegCo;
      • Whether the notification requirement (DPP1(3) was applicable when personal data was passively collected in a “non-consensual” manner.
    • Cases in relation to injunctions on doxxing
      • SECRETARY FOR JUSTICE AND ANOTHER v. PERSONS UNLAWFULLY AND WILFULLY CONDUCTING THEMSELVES IN ANY OF THE ACTS PROHIBITED UNDER PARAGRAPH 1(A), (B) OR (C) OF THE INDORSEMENT OF CLAIM; Report in: [2019] 5 HKLRD 500
      • SECRETARY FOR JUSTICE v. PERSONS UNLAWFULLY AND WILFULLY CONDUCTING THEMSELVES IN ANY OF THE ACTS PROHIBITED UNDER PARAGRAPH 1(a) AND (b) OF THE INDORSEMENT OF CLAIM; Reported in: [2019] 5 HKLRD 465
      • How did the Court enforce the violation of the injunction (civil contempt of court) in SECRETARY FOR JUSTICE v. CHAN OI YAU RIYO (HCMP 249/2020)?
      • Public access to the Final Register of electors of District Council Election containing the name and principal residential address of registered electors in JUNIOR POLICE OFFICERS’ ASSOCIATION OF THE HONG KONG POLICE FORCE AND ANOTHER v. ELECTORAL AFFAIRS COMMISSION AND OTHERS (HCAL 3042/2019, CACV 73/2020)
    • Privacy implications of a Court of Appeal judgment on Police’s power to search the digital contents of mobile devices
      The Court of Appeal' judgment in SHAM WING KAN v. COMMISSIONER OF POLICE; Reported in: [2020] 2 HKLRD 529
      • To what extent the Police could exercise power to search the digital contents of mobile devices without warrant? What are the conditions to be satisfied?
      • How to apply the proportionality test when determining the proportionality and constitutionality of the power to search?
      • What are the implications on personal data privacy?
    • Other decisions made by the court and the Board
  • In-depth discussion and interpretation of key provisions of the Personal Data (Privacy) Ordinance
  • Familiarisation of recent decisions that can serve as legal authorities and practical examples for solving problems encountered in compliance work.

>> Click here to enrol