PCPD e-NEWSLETTER
ISSUE Jun 2022
|
|
|
|
PCPD e-NEWSLETTER
ISSUE Jun 2022
|
|
|
|
PCPD Publishes Two Investigation Reports and a New Edition of Guidance Note for the Property Management Sector
|
The Privacy Commissioner, Ms Ada CHUNG Lai-ling (centre), Ms Amy CHAN Mei-yee, Chief Personal Data Officer (Complaints) (left) and Mr Brad KWOK Ching-hei, Acting Chief Personal Data Officer (Compliance & Enquiries) (right) introduced the two investigation reports and the new edition of Guidance Note for the Property Management Sector.
|
At the media briefing on 13 June 2022, the Office of the Privacy Commissioner for Personal Data (PCPD) released two investigation reports, namely (1) “Investigation Report on the Accidental Disposal of Medical Records of Patients by Town Health Medical & Dental Services Limited (Town Health)”, and (2) “Investigation Report on the Improper Collection, Retention and Use of Personal Data of Residents and Visitors by Property Management Companies”. The new edition of “Protection of Personal Data Privacy – Guidance for Property Management Sector” was also published at the same time.
|
Investigation Report on the Accidental Disposal of Medical Records of Patients by Town Health
The investigation arose from a data breach notification lodged by Town Health with the PCPD on 2 June 2021, which reported that one of its medical centres (Medical Centre) had accidentally disposed a carton box which contained patients’ medical records in mid-March 2021. The incident affected a total of 294 patients of the Medical Centre.
Privacy Commissioner Ms Ada CHUNG Lai-ling found that Town Health had the following serious deficiencies in ensuring the security of personal data:
- Lack of staff awareness of personal data protection;
- Lack of effective data protection policies and procedures; and
- Lack of staff training on personal data protection.
The Privacy Commissioner considered that Town Health had not taken all practicable steps to ensure that the medical records in question be protected from unauthorised or accidental access, processing, erasure, loss or use, thereby contravening Data Protection Principle (DPP) 4(1) concerning the security of personal data under the Personal Data (Privacy) Ordinance (PDPO). The Privacy Commissioner has issued an enforcement notice to Town Health, directing Town Health to remedy and prevent recurrence of the contravention.
Through the report, the Privacy Commissioner made five recommendations to organisations. She also reminded organisations that when they suspect or note the occurrence of a data breach incident, they should notify the PCPD as soon as possible. The PCPD will provide assistance and advice to help minimise the damage caused by the data breach incident and improve the personal data system.
|
|
|
Investigation Report on the Improper Collection, Retention and Use of Personal Data of Residents and Visitors by Property Management Companies
During the past five years, the PCPD received an average of more than 100 complaints against property management companies per annum. To raise the property management sector’s awareness of the need to protect the personal data privacy of residents and visitors, the Privacy Commissioner published an investigation report in respect of four complaints against four property management companies, which are respectively: -
- Cheong Sun Property Agent and Management Company – The company displayed the full names and addresses of property owners in an overdue notice which was posted on a public notice board;
- Creative Property Services Consultants Limited – In a face mask distribution activity, the company did not cover a common form containing the names and addresses of residents who had collected the masks, so that passers-by could clearly see their personal data; nor did the company specify any retention period for the personal data;
- H-Privilege Limited – The relevant security guard did not abide by the company’s established policy and revealed the phone number of a resident to another resident without authorisation; and
- Wilson Property Management Limited – The company imposed a mandatory requirement for delivery workers to show their Hong Kong Identity Cards for the purpose of registration as visitors before they were allowed entry to the relevant building.
After conducting investigations into the four complaints, the Privacy Commissioner found that the four property management companies had contravened the relevant requirements of DPPs of the PDPO as regards the collection, retention period, use and security of personal data, respectively. The Privacy Commissioner has served enforcement notices on the four property management companies, directing them to remedy and prevent recurrence of their respective contraventions, and made recommendations to property management bodies.
|
|
|
New Edition of “Protection of Personal Data Privacy – Guidance for Property Management Sector”
In view of the latest development of the property management industry, the PCPD has in parallel updated the “Protection of Personal Data Privacy – Guidance for Property Management Sector”. The content covers the most common issues relating to the handling of personal data by property management bodies, including collecting and storage of personal data of residents or visitors, recording of HKID Card numbers of visitors, display of notices containing personal data, and CCTV located at common areas of buildings, etc.
|
|
|
PCPD Took up the Co-Chairmanship of the Global Privacy Assembly’s International Enforcement Working Group
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
Unencrypted Personal Data Transmitted in Mobile Applications
|
|
Internet Safety – Safe Online Shopping
|
|
|
PCPD Made an Arrest For a Suspected Doxxing Offence
|
RECOMMENDED ONLINE TRAININGS
|
The 57th APPA Forum’s Panel Discussion – Privacy Issues Arising from Emerging Technologies and the Regulatory Roadmaps
|
Webinar on “Protection of Personal Data Privacy for Property Management Sector”
|
Online Professional Workshops
|
Free Online Seminar: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
RENEWAL OF DPOC’s MEMBERSHIP
|
|
PCPD organised a Webinar on “Recommended Model Contractual Clauses for Cross-border Transfers of Personal Data”
|
Reaching Out to the Community – Assistant Privacy Commissioner attended Meeting of the Southern District Fight Crime Committee
|
DAB’s Seminar – Privacy Commissioner Spoke on the Personal Data (Privacy) (Amendment) Ordinance 2021 and Related Enforcement Actions
|
Reaching Out to Governance Professionals – PCPD Delivered a Presentation at The HKCGI’s “23rd Annual Corporate and Regulatory Update”
|
Privacy Commissioner Publishes an Article on “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” at Hong Kong Lawyer
|
Privacy Commissioner Contributes to the Guidance Issued by the HKCGI regarding Personal Data Retention in the Due Diligence Process
|
Privacy Commissioner Publishes an Article on the “Guidance on the Ethical Development and Use of Artificial Intelligence” in the Global Privacy Assembly May 2022 Newsletter
|
|
Highlights of the Draft Measures for Cybersecurity Management in Securities and Futures Industries 《證券期貨業網絡安全管理辦法(徵求意見稿)》簡介
|
International: US CRS Publishes Paper on Upcoming Transatlantic Data Privacy Framework
|
France: CNIL Launches Study on Geolocation Data Collected by Apps
|
New York: Senate Bill for New York Privacy Act Amended and Renumbered
|
Thailand: PDPA Enters into Effect
|
|
|
PCPD Took up the Co-Chairmanship of the Global Privacy Assembly’s International Enforcement Working Group
In today’s borderless digital age, privacy issues are no longer confined within borders. It is therefore beneficial for data protection authorities from around the world to cooperate with each other to tackle global privacy issues efficiently and demonstrate that regulators are committed to a united response to global privacy risks.
In October 2021, the PCPD took up the co-chairmanship of the International Enforcement Working Group (IEWG) of the Global Privacy Assembly (GPA).
What is the GPA IEWG?
The GPA is the leading international forum for over 130 data protection authorities from around the globe to exchange views on privacy issues and the latest international developments. The PCPD has attended GPA meetings since 1996, and has been a member of the GPA since 2002.
The IEWG was established as a permanent working group of the GPA in 2019. It serves as a platform to discuss privacy issues with cross-border implications, share common experience in investigating multinational companies, and explore opportunities for joint enforcement. The IEWG is currently chaired by data protection authorities from Canada, Colombia, Hong Kong and Norway.
Its membership now stands at over 30 authorities from 6 continents, and has increased by over 80% since 2020.
What Work has the GPA IEWG Done?
One of the key IEWG initiatives that the PCPD recently participated in was the engagement with companies providing video teleconferencing (VTC) services. As covered in the December 2020 issue, a group of IEWG members issued an open letter to major VTC companies in July 2020, highlighting the privacy risks arising from the sudden growth in the use of VTC software during the pandemic and reminding the companies to comply with applicable laws and handle users’ personal data responsibly. The joint signatories subsequently engaged directly with companies in a series of video calls to discuss the privacy and security measures put in place to address the risks. In October 2021, the joint signatories developed a concluding statement highlighting the key takeaways from the whole exercise, including the good practices reported by the VTC companies in safeguarding personal data when they provide their services and the possible areas of further improvement.
In addition, the IEWG has also formed several sub-groups which explore specific privacy issues, including the scraping of personal data from online platforms, use of facial recognition technologies, privacy implications of AdTech, and the risks posed by credential stuffing attacks.
The IEWG co-chairs will continue to ramp up efforts on the enforcement front and facilitate international cooperation in the international data protection community.
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
Unencrypted Personal Data Transmitted in Mobile Applications
In monitoring personal data risks, the PCPD may inspect the activities of a data user involving large-scale collection and use of personal data.
For example, in the second half of 2020, the PCPD conducted security testing to determine whether the mobile apps developed or operated by local enterprises which involved the collection of customers’ personal data complied with DPP 4.
The PCPD found that 14 apps did not use adequate encryption to securely transmit personal data. As such, attackers could secretly eavesdrop or modify the transmission data.
Remedial Measures
All enterprises concerned took the PCPD’s advice and implemented adequate encryption in their apps to protect personal data transmission.
Lessons Learnt
Online activities and transactions are convenient but carry non-negligible risks to personal data privacy. Personal data collected by different apps may end up in the hands of hackers if such data is not protected by stringent security measures.
Organisations must protect and respect personal data to garner the trust of their customers to remain competitive. Organisations should regularly review and update their apps to ensure security of personal data.
|
Internet Safety – Safe Online Shopping
Aiming to stimulate the Hong Kong economy and give the retail sector a boost, Phase two of the 2022 Consumption Voucher Scheme is set to roll out in early August for all eligible Hong Kong residents.
Speaking of how to spend the consumption vouchers, many people might turn to online shopping as it is convenient, quick and easy. However, such convenience may come with a price, relating to privacy and information security.
Follow the steps below to ensure that your personal information is being transferred in the safest way possible while you are doing online shopping:
- Only trust secured websites: Limit your shopping to encrypted websites, and the website URL should start with “https://” (instead of “http://”);
- Protect your personal information: It is normal for online retailers to ask for additional details and about your preferences to make your online shopping experience more personalised. That said, never give too much personal information;
- Do not click on untrusted pop-up ads: Pop-ups could be a way for scammers to lure online shoppers; and
- Create a unique password for each website: Avoid using the same password for every online shopping site you frequent.
|
|
|
PCPD organised a Webinar on “Recommended Model Contractual Clauses for Cross-border Transfers of Personal Data”
|
The PCPD organised a webinar on “Recommended Model Contractual Clauses for Cross-border Transfers of Personal Data” on 27 June 2022. In the webinar, the Assistant Privacy Commissioner for Personal Data (Acting) (Legal, Global Affairs and Research) Mr Dennis NG, and Legal Counsel (Acting) Ms Clemence WONG, briefed the participants on the two sets of Recommended Model Contractual Clauses issued by the PCPD to cater for two different scenarios in cross-border data transfers, namely (i) from one data user to another data user; and (ii) from one data user to a data processor. The webinar attracted more than 210 attendees from various sectors including banking, insurance, government and public bodies, legal and information technology. Please click here to download the presentation deck (Chinese only). Please click here to download the “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data”.
|
Reaching Out to the Community – Assistant Privacy Commissioner attended Meeting of the Southern District Fight Crime Committee
|
The Assistant Privacy Commissioner for Personal Data (Acting) (Legal, Global Affairs and Research) Mr Dennis NG, attended the meeting of the Southern District Fight Crime Committee on 23 June 2022. Mr Ng briefed committee members on the requirements of the Personal Data (Privacy) (Amendment) Ordinance 2021 and the “Guidance on CCTV Surveillance” published by the Office of the Privacy Commissioner for Personal Data. Please click here for the presentation deck (Chinese only).
|
DAB’s Seminar – Privacy Commissioner Spoke on the Personal Data (Privacy) (Amendment) Ordinance 2021 and Related Enforcement Actions
|
Privacy Commissioner Ms Ada CHUNG Lai-ling, together with Assistant Privacy Commissioner (Acting) (Legal, Global Affairs and Research) Mr Dennis NG, delivered a presentation on 11 June 2022 at a seminar organised by the Democratic Alliance for the Betterment and Progress of Hong Kong (DAB) on the Personal Data (Privacy) (Amendment) Ordinance 2021 (Amendment Ordinance).
The Privacy Commissioner gave an overview of the legal requirements of the Amendment Ordinance, and highlighted the enforcement actions taken by her office since the implementation of the Amendment Ordinance. Mr Dennis NG also briefed participants on the main directions of the comprehensive review of the PDPO, with a view to enhancing the protection of personal data privacy.
Please click here for the presentation deck (Chinese only).
|
Reaching Out to Governance Professionals – PCPD Delivered a Presentation at The HKCGI’s “23rd Annual Corporate and Regulatory Update”
|
Assistant Privacy Commissioner (Acting) (Legal, Global Affairs and Research) Mr Dennis NG, together with Legal Counsel (Acting) Ms Clemence WONG, delivered a presentation at the 23rd Annual Corporate and Regulatory Update organised by The Hong Kong Chartered Governance Institute (HKCGI) on 9 June 2022.
In the presentation entitled “Compliance with Personal Data Privacy Regulations”, the speakers discussed the handling of data breaches, safeguarding personal data when working from home, doxxing offences under the PDPO and the PCPD’s recommended model contractual clauses for cross-border transfer of personal data.
Please click here for the presentation deck.
|
Privacy Commissioner Publishes an Article on “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” at Hong Kong Lawyer
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article at Hong Kong Lawyer to introduce the “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” (Guidance). Please click here to read the article.
The PCPD issued the Guidance in May and introduced two sets of Recommended Model Contractual Clauses for cross-border transfer of personal data, which may be adopted by small and medium-sized enterprises in order to comply with the requirements of the PDPO and good data ethics.
Please click here for the Guidance.
|
Privacy Commissioner Contributes to the Guidance Issued by The HKCGI regarding Personal Data Retention in the Due Diligence Process
|
Privacy Commissioner Ms Ada CHUNG Lai-ling contributed to the guidance issued by the HKCGI on 6 June 2022 regarding the retention of personal data (i) collected in customers’ due diligence process and (ii) recorded in significant controllers’ registers of companies. Please click here to read the guidance. The Privacy Commissioner explained the requirements pertaining to personal data retention, including DPP 2(2) and section 26(1) of the PDPO. The Privacy Commissioner also explained that where the use of personal data is required or authorised by or under any enactment, or by any rule of law, such use is exempt from the limitation of use principle as provided for in DPP 3 (see section 60B of the PDPO).
|
Privacy Commissioner Publishes an Article on the “Guidance on the Ethical Development and Use of Artificial Intelligence” in the Global Privacy Assembly May 2022 Newsletter
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article in the Global Privacy Assembly May 2022 Newsletter to introduce the “Guidance on the Ethical Development and Use of Artificial Intelligence” (Guidance) issued by her office in August 2021. The Guidance, which reflects international standards, was published with a view to helping organisations understand and comply with the relevant requirements of the PDPO when they develop or use artificial intelligence (AI).
In the article, the Privacy Commissioner elaborates on the recommendations contained in the Guidance, including three data stewardship values, seven ethical principles and the measures which can be adopted by organisations to manage the privacy and ethical risks associated with AI systems.
Please click here to read the Newsletter. The article can be found on pages 9 and 10.
|
|
|
PCPD Made an Arrest For a Suspected Doxxing Offence
|
The PCPD arrested a Chinese male aged 26 in New Territories East on 22 June 2022. He was suspected to have disclosed the personal data of a data subject (the complainant) without her consent, in contravention of section 64(3A) of the PDPO. The investigation suggests that the arrested person and the complainant had a short relationship before breaking up. Someone later impersonated the complainant to open accounts in four different social media platforms between late-October and mid-November 2021, and disclosed on those platforms her name, photos, residential address, private and office telephone numbers, name of her employer and position, etc. It was also stated in the relevant messages that the complainant welcomed others to visit her at her address. Many strangers later contacted the complainant and tried to get acquainted with her. This is the fourth arrest made by the PCPD under the PDPO since its latest amendments came into operation on 8 October 2021. The PCPD made the first three arrests in relation to the new doxxing offences under the PDPO in December 2021, April 2022 and (together with the Police) May 2022, respectively. In addition, the Police also arrested 3 persons for 4 cases relating to doxxing. The PCPD reminds members of the public that doxxing is a serious offence. An offender is liable on conviction to a fine up to $1,000,000 and imprisonment for 5 years. The PDPO applies equally to the online world. To avoid breaking the law, members of the public should think twice before publishing or forwarding any doxxing messages on the internet or social media. Relevant provisions under the PDPO Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject –
(a) with an intent to cause any specified harm to the data subject or any family member of the data subject; or (b) being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for 2 years. Pursuant to section 64(3C) of the PDPO, a person commits an offence if –
(a) the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject; and
(b) the disclosure causes any specified harm to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3C) is liable on conviction on indictment to a fine of $1,000,000 and imprisonment for 5 years. According to section 64(6) of the PDPO, specified harm in relation to a person means –
(a) harassment, molestation, pestering, threat or intimidation to the person; (b) bodily harm or psychological harm to the person; (c) harm causing the person reasonably to be concerned for the person’s safety or well-being; or (d) damage to the property of the person.
|
Highlights of the Draft Measures for Cybersecurity Management in Securities and Futures Industries 《證券期貨業網絡安全管理辦法(徵求意見稿)》簡介
|
On 29 April 2022, the China Securities Regulatory Commission (CSRC) published the Draft Measures for Cybersecurity Management in Securities and Futures Industries (Draft Measures) for consultation. The Draft Measures seek to enhance protection of data, including personal information, in the financial industry. This article highlights some of the proposed requirements of the Draft Measures.
中國證券監督管理委員會(中國證監會)於2022年4月29日發布《證券期貨業網絡安全管理辦法(徵求意見稿)》1(《徵求意見稿》),《徵求意見稿》的徵求意見期已於2022年5月29日截止。
《徵求意見稿》根據《證券法》、《網絡安全法》、《數據安全法》、《個人信息保護法》 及《關鍵信息基礎設施安全保護條例》等法規而制定2,適用於︰(一) 在境內建設、營運、維護和使用網絡及信息系統的核心機構和經營機構;及 (二)為證券期貨業務活動提供産品或服務的網絡安全保障的信息技術服務機構;及(三)證券期貨業網絡安全的監督管理3。當中︰
- 核心機構是指證券期貨交易場所、證券登記結算機構、期貨保證金安全存管監控機構等承擔證券期貨市場公共職能和承擔證券期貨業信息基礎設施運營的機構及其屬下機構4;
- 經營機構是指證券公司、期貨公司和基金管理公司等證券期貨經營機構5;及
- 信息技術服務機構是指為證券期貨業務活動提供重要信息系統的開發、測試、集成、測評、運維及日常安全管理等産品或服務的機構6。
根據《徵求意見稿》,核心機構和經營機構須遵循保障安全和促進發展的原則,建立健全網絡安全防護體系,提升網絡安全保障水平,及確保網絡安全與信息化工作同步推進等。而信息技術服務機構則須遵循技術安全和功能合規的原則提供産品或服務,並與核心機構和經營機構共同保障行業網絡安全,促進行業信息化發展7。
具體而言,核心機構和經營機構須具有完善的信息技術治理架構,健全網絡安全管理制度體系,建立內部决策、管理、執行和監督機制,確保網絡安全管理能力與信息化發展水平相匹配。而信息技術服務機構須建立網絡安全管理制度,配備相應的安全和合規管理人員,建立與提供産品或服務相適應的網絡安全管理機制8。核心機構和經營機構更須指明主要負責人為其網絡安全第一責任人9,並指定網絡安全工作牽頭部門或機構,負責管理重要信息系統和相關基礎設施,及制定網絡安全應急預案等工作10。
《徵求意見稿》第二十六條訂明核心機構和經營機構須依法履行投資者個人信息保護義務,當中的告知同意和確保個人信息安全的要求與《個人信息保護法》的相關要求大致相同。其中,《徵求意見稿》確認證券期貨賬戶的信息為敏感個人信息,亦符合《個人信息保護法》下敏感個人信息所包括的金融賬戶信息。
值得一提的是,核心機構和經營機構如發生網絡安全事件,須及時對外公布11。然而,如網絡安全事件是與核心機構和經營機構參加資本市場金融科技或信息技術應用創新機制有關,而相關機構已積極消除不良影響,則可面對較輕處罰。如事件未有産生不良影響,相關機構甚至可免於受罰12。
中國證監會負責履行《徵求意見稿》的監督管理責任13。核心機構、經營機構和信息技術服務機構如違反《徵求意見稿》規定,可被中國證監會採取監管談話、責令限期整改等措施。如屬情節嚴重,經營機構和信息技術服務機構及其責任人員可被處最高人民幣二十萬元的罰款14。此外,核心機構和經營機構違反《徵求意見稿》第二十六條有關處理個人信息的規定,更可被中國證監會按《網絡安全法》及《個人信息保護法》的相關罰則進行處罰15。
1 中國證監會關於就《徵求意見稿》公開徵求意見的通知︰http://www.csrc.gov.cn/csrc/c101981/c2381308/content.shtml
2《徵求意見稿 》第一條
3《徵求意見稿 》第二條
4《徵求意見稿 》第六十二(一)條
5《徵求意見稿 》第六十二(二)條
6《徵求意見稿 》第六十二(三)條
7《徵求意見稿 》第三條
8《徵求意見稿 》第九條
9《徵求意見稿 》第十條
10《徵求意見稿 》第十一條
11《徵求意見稿 》第三十五條
12《徵求意見稿 》第六十一條
13《徵求意見稿 》第五條
14《徵求意見稿 》第五十四條
15《徵求意見稿 》第五十八條
|
|
|
RECOMMENDED ONLINE TRAININGS
|
The 57th APPA Forum’s Panel Discussion – Privacy Issues Arising from Emerging Technologies and the Regulatory Roadmaps
|
The PCPD will be hosting the 57th Asia Pacific Privacy Authorities (APPA) Forum on 12 and 13 July 2022. The virtual forum will also be held as one of the celebratory events of the 25th Anniversary of the Establishment of the HKSAR.
The panel discussion of this remarkable event, entitled “Privacy Issues Arising from Emerging Technologies and the Regulatory Roadmaps”, is now exclusively for Data Protection Officers’ Club (DPOC) members to join. By focusing on the formidable challenges to personal data privacy arising from emerging technologies, Commissioners or senior representatives from data protection authorities in Australia, Canada, Japan and the United Kingdom, will share valuable insights on whether these technologies are a blessing or a curse, and whether and how these technologies should be regulated. Don’t miss the chance and do register now!
Date: 13 July 2022 (Wednesday)
Time: 9:15am – 10:15am (HK Time)
Moderator: Ms Ada CHUNG Lai-ling, Privacy Commissioner for Personal Data, Hong Kong
Speakers:
- Ms Angelene FALK, Australian Information Commissioner and Privacy Commissioner, Office of the Australian Information Commissioner, Australia
- Dr Gregory SMOLYNEC, Deputy Commissioner Policy and Promotion, Office of the Privacy Commissioner of Canada
- Mr Yuji ASAI, Commissioner, Personal Information Protection Commission, Japan
- Mr Stephen BONNER, Executive Director for Regulatory Futures and Innovation, Information Commissioner's Office, the United Kingdom
Fee: Free of charge (For DPOC members)
Language: English
|
Webinar on “Protection of Personal Data Privacy for Property Management Sector”
|
Protecting the personal data of residents and visitors is an indispensable part of the provision of high-quality and professional services by property management bodies. With a view to assisting practitioners in the sector in adopting good practices in personal data protection, and enabling the general public to understand the best practices adopted by property management companies in the collection and handling of personal data, the PCPD has organised this webinar to discuss its recent investigation report in relation to improper handling of the personal data of residents and visitors, and to elaborate on the new edition of “Protection of Personal Data Privacy – Guidance for Property Management Sector” recently issued by the PCPD. A renowned practitioner from the property management industry will also share relevant experience in good personal data management practice with the participants.
Date: 27 July 2022 (Wednesday)
Time: 3:00pm – 4:30pm
Speakers:
- Ms Ada CHUNG Lai-ling – Privacy Commissioner for Personal Data, PCPD
- Ms Amy CHAN Mei-yee – Chief Personal Data Officer (Complaints), PCPD
- Dr Johnnie CHAN Chi-kau, SBS, BBS, JP – Chief Executive Officer of Savills Services Group; Immediate Past President, Hong Kong Association of Property Management Companies
Fee: Free of charge
Language: Cantonese
|
Online Professional Workshop on Personal Data Privacy Management Programme
|
With the ever-rising expectation of customers and stakeholders on the responsible use of personal data by organisations, it is of paramount importance for organisations to construct and implement a Personal Data Privacy Management Programme (PMP) to institutionalise a proper system for the responsible use of personal data, so as to build trust with customers, and enhance competitive and reputational advantages. In this workshop, participants will be able to understand the baseline fundamentals and components of a PMP, and master the knowledge on how to maintain and improve it on an ongoing basis.
Date: 6 July 2022 (Wednesday)
Time: 2:15pm – 4:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: Data protection officers, compliance professionals, company secretaries, solicitors, executives from business and public sectors, and those who are interested in keeping abreast of the data protection trend and best practices
|
Online Professional Workshop on Data Protection in Banking/Financial Services
|
Technological advancement has transformed and improved the efficiency of the banking and financial industries. On the other hand, it has also posed challenges to the protection of personal data privacy. Participants will be able to acquire knowledge on the requirements under the PDPO in different aspects of the banking and financial services and the practical ways to deal with them effectively in their daily operation.
Date: 20 July 2022 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: Data protection officers, compliance officers, company secretaries, solicitors, advisers and other personnel undertaking work relating to the banking/financial industry
|
Online Free Seminar – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. The details of the upcoming sessions are as follows:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles (illustrated with industry-related examples);
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect the privacy of personal data is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and protecting the privacy of personal data, you can make a request for an in-house seminar via our online form. The outline of this seminar is provided below.
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Handling of data breach incidents;
- Direct Marketing;
- Offences & Compensation; and
- Q&A Session.
Duration: 1.5 hours
|
RENEWAL OF DPOC’s MEMBERSHIP
|
Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!
Special offer for organisational renewals:
Organisations can join the 2-for-1 scheme, which enables them to receive two memberships for the price of one annual fee (HK$350).
Renew your membership now to keep up-to-date with the latest news and legal developments!
|
|
|
Contact Us
Address: Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|