|
|
|
|
|
|
|
|
|
|
|
|
Ms Ada CHUNG Assumes Office Today as the Privacy Commissioner for Personal Data, Hong Kong
Dear all,
I am very honored, and privileged, to be appointed as the Privacy Commissioner for Personal Data. Together with my team, I would spare no effort in furthering our mission of protecting privacy in relation to personal data.
I believe that with the continuous support of the community, I would be able to further elevate our work on the protection of personal data privacy.
In order to enhance the protection of personal data, I trust that my office should be an enforcer, educator and facilitator of the protection of personal data privacy. I hope that by strengthening the protection of personal data, we can enhance the use of data while at the same time protect personal privacy, hence contributing to the prosperous development of the community as a whole.
I look forward to working with you in personal data privacy protection.
Ms Ada CHUNG Lai-ling
Privacy Commissioner for Personal Data
|
|
|
|
|
|
|
|
The PCPD on 26 August 2020 released an inspection report about the employment-related personal data system of a sizable company in the food and beverage industry (Data User). The findings revealed that the Data User had devoted its efforts in privacy management, complied with most of the requirements under the Code of Practice on Human Resource Management and adopted some good practices. No material deficiencies were found, although some areas might be improved.
|
|
|
|
|
|
|
|
[Final call!] Online Professional Workshop - Data Protection in Direct Marketing Activities
Date: 9 September (Wednesday)
Time: 2:15pm - 5:15pm
Fee: $750/ $600*
To promote their products, services and events, marketers use different methods such as eDM, phone calls and mails. These activities may involve the use of personal data, which is governed by the Personal Data (Privacy) Ordinance (PDPO). The occasional convictions for failing to comply with the requirements of the direct marketing provisions under the PDPO ring alarm bells among companies because misuse of personal data may cost them reputation and consumers’ trust. This Workshop will help equip participants with the essential skills for legal compliance and good data governance in conducting direct marketing activities.
By the end of this Workshop, participants are expected to:
- know the requirements under the PDPO in direct marketing activities;
- understand hands-on solutions to problems that marketers face in planning direct marketing activities;
- know the elements of offences and defence;
- learn the practical tips for compliance; and
- understand key learnings from conviction cases.
*Members of PCPD's Data Protection Officers' Club and the supporting organisations can enjoy the discounted fee.
|
|
|
|
|
|
|
|
Online Professional Workshop - Data Protection in Banking/Financial Services
Date: 16 September (Wednesday)
Time: 2:15pm - 5:15pm
Fee: $750/ $600*
This workshop is designed for banking and financial personnel who wish to acquire knowledge on the requirements under the PDPO in different aspects of banking and financial services including Fintech and the practical ways to deal with them effectively in their daily operations.
Key take-aways:
• An overview of the relevant requirements under the PDPO
• Privacy and ethical implications of new technologies
o Collection and use of customers’ biometric data
o FinTech and personal data privacy
o Privacy Management Programme and Data Ethics
• How to comply with the requirements of the PDPO in daily banking operations
o collection and use of customers’ personal data
o handling of customers’ personal data in debt collection
o handling of customers’ data access requests
o use of customers’ personal data for direct marketing
o outsourcing the processing of personal data
• Code of Practice on Consumer Credit Data
• Recent topical issues on data privacy
*Members of PCPD's Data Protection Officers' Club and the supporting organisations can enjoy the discounted fee.
|
|
|
|
|
|
|
|
Enrol in our new season of professional workshops
Professional workshops organised by the PCPD have long been well received by people who are charged with the responsibility to advise on compliance with the PDPO. Participants of the workshops can acquire solid knowledge through interactive participation.
To help prevent the spread of COVID-19, the PCPD has been adopting online learning tools to conduct the professional workshops.
For the workshops to be held in September and October, online mode will continue to be adopted. For the workshops to be held thereafter, the PCPD will closely monitor the COVID-19 situation and make necessary adjustment and timely announcement.
|
|
|
|
|
|
[Free] Seminar on Introduction to the Personal Data (Privacy) Ordinance (PDPO)
Want to get to know the basics of PDPO? The PCPD organises introductory seminars on the PDPO for members of the public for free. The details are as follows:
Time: 3:00pm - 4:30pm
Key Takeaways:
- A general introduction to the PDPO
- The six data protection principles
- Offences & compensation
- Direct marketing
- Q & A session
|
|
|
|
|
|
|
|
Response to media enquiry on employers asking their staff to provide COVID-19 test results (31 August)
|
|
|
|
|
|
Response to media enquiry on a website revealing personal data (31 August)
|
|
|
|
|
|
Response to media enquiry on suspected use of personal data for registration purposes without data subjects' consent (30 August)
|
|
|
|
|
|
Universal Community Testing Programme Complies with Requirements of the Personal Data (Privacy) Ordinance (28 August)
|
|
|
|
|
|
|
|
The term 'ethical AI' is finally starting to mean something
The PCPD has been promoting ethics in artificial intelligence (AI) and is a Co-Chair of the Global Privacy Assembly Working Group on Ethics and Data Protection in Artificial Intelligence. This article sums up the development of ethical AI and shows us the way forward.
|
|
|
|
|
|
Finland-based firm designs machine learning system that is the first to blur profanity in text-editing software like Word or Outlook in a bid to combat cyberbullying
A Finnish tech company is hoping to create a kinder virtual space with a font that covers profanity in text-editing software, such as Word or Outlook, by blurring curse words and rewriting hate speech.
|
|
|
|
|
|
Data Protection vs. Cybersecurity: Why you need both
Data protection and cybersecurity are essential to safeguarding organisation against data breaches. New laws are getting enacted across the globe to regulate the collection, retention, use, disclosure, and discarding or personal information. Therefore, it is important to distinguish between data protection and cybersecurity and why you need both of them.
|
|
|
|
|
|
UK ICO's Children's Code comes into effect for online safety of minors
The Age Appropriate Design Code in the U.K. came into force on 2 September 2020. Online services will have a 12-month transition period to conform to the 15 standards to protect children's privacy. The standards include safeguards that privacy settings should be at their highest level for any service targeted toward children under the age of 18.
|
|
|
|
|
|
iOS 14: Facebook's Apple Nightmare Keeps Getting Worse
Apple's iOS 14 signals the end of collecting iPhone identifiers for advertisers (IDFA), due to Apple’s strong measures to prevent services from tracking individuals across apps.
|
|
|
|
|
|
EU data watchdog calls for vigilance on COVID temperature checks
The European Data Protection Supervisor has called for caution in the continuing employment of body temperature checks across EU buildings, saying that some operations involved in this process "may constitute an interference into individuals’ rights to private life."
|
|
|
|
|
|
|
|
Section 23, section 25 of the PDPO and Data Protection Principle 2(1) - accuracy of data
A credit reference agency had not handled a data correction request in line with the requirements of the PDPO, and recorded irrelevant information in a credit report
The complainant was a lawyer. He was appointed as a trustee of a bankruptcy order. The person subject to the order was a defendant of a civil lawsuit.
The complainant discovered that a credit reference agency had erroneously recorded him as the defendant of the civil lawsuit in his credit report. The complainant thereby made a data correction request to the credit reference agency seeking rectification.
The credit reference agency, however, did not remove the lawsuit from the complainant’s credit record. It only updated the status of the lawsuit with reference to the affirmation provided by the complainant. The complainant then made a complaint to the PCPD against the credit reference agency.
|
|
|
|
|
Outcome
The PCPD was of the view that the credit reference agency had failed to ensure the accuracy of the complainant’s credit report, contravening Data Protection Principle 2(1). Following the PCPD’s intervention, the credit reference agency eventually removed the lawsuit from the complainant’s credit report, and furnished the complainant with the corrected report. The credit reference agency also revised its measures to ensure that court cases relating to bankruptcy orders would not be recorded in the credit reports of the trustees of the orders.
In view of the findings, the PCPD served a warning letter on the credit reference agency, urging it to comply with the PDPO in ensuring the accuracy of personal credit data and proper handling of data correction requests.
Lesson learnt
This complaint could have been avoided. If the credit reference agency had examined the writ of summons with due care, it would have noted that the complainant was not the defendant of the case.
In the data-driven economy, customer data has transformed to valuable asset for business operation and promotion. Credit reference agencies, holding a database with enormous customer data, should adhere to higher ethical standards. Apart from complying with the requirements under the PDPO, credit reference agencies should also aim to meet the stakeholders’ expectation, and use customers’ personal data in a respectful, mutually beneficial and fair manner.
|
|
|
|
For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong Tel: (852) 2877 7179
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
|
|
|
|
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
