PCPD e-NEWSLETTER
ISSUE Aug 2022
|
|
|
|
PCPD e-NEWSLETTER
ISSUE Aug 2022
|
|
|
|
PCPD’s “Student Ambassador for Privacy Protection Programme – Partnering Schools Recognition Scheme” cum “Mobile Game Apps Design Competition for Secondary School Students”
Over 16,000 Secondary School Students Support “Respecting and Protecting Personal Data Privacy”
|
The Privacy Commissioner presented a trophy, certificates and scholarships to the champion team of the open category. Team members include Abraham Nicholas Kwun-Tai CHAN, Sophia Natalie Kwun-Kiu CHAN, Marcus Cheuk Lim HUI and Andra Yi Ching HUI
|
The PCPD successfully organised the “Student Ambassador for Privacy Protection Programme – Partnering Schools Recognition Scheme” (the Programme), which attracted the participation of over 16,000 secondary school students. Under the Programme, which was co-organised by the Education Bureau as a Business School Partnership Programme, the PCPD organised a “Mobile Game Apps Design Competition for Secondary Students” (the Competition). The Competition received overwhelming response, with more than 150 entries submitted from over 400 secondary school students. After careful assessment by the judging panel, the winning teams were awarded trophies, certificates and scholarships in recognition of their creativity in incorporating the message of respecting and protecting personal data privacy into their work. The PCPD also presented diamond, gold, silver and bronze awards of the Programme to 64 secondary schools in recognition of their efforts in fostering a culture of respecting and protecting personal data privacy on campus.
Members of the judging panel of the Competition included Privacy Commissioner Ms Ada CHUNG Lai-ling, Assistant Privacy Commissioner for Personal Data (Corporate Communications and Compliance) Ms Joyce LAI and information technology education expert Mr Alex LAU. Taking into account the relevance to the theme of the Competition (“Say ‘No’ to Cyberbullying” or “Stay Vigilant Online: Exercise Caution when Disclosing Personal Data”), programme design, creativity and programming skills, the judges selected the top three awards, 10 merit awards and the Most Creative Award.
The Programme received enthusiastic support from 64 secondary schools and the participation of more than 16,000 students. The schools were required to arrange their students to participate in seven privacy protection tasks. Depending on the number of tasks accomplished, the schools would receive diamond, gold, silver or bronze awards in recognition of their achievements in implementing and promoting the protection of personal data privacy. The Diamond Awards were presented to six schools that have won the Gold Award under the Programme for three consecutive years. They were (in alphabetical order) CCC Ming Yin College; Lingnan Hang Yee Memorial Secondary School; Ning Po No.2 College; Po Leung Kuk Yao Ling Sun College; SKH Kei Hau Secondary School and TWGHs Sun Hoi Directors’ College.
Please click here to view the brief description of the winning entries of the Competition in the Appendix of the PCPD website. Please click here for the demonstration videos of the winning entries of the Competition, the list of winners and details of the Programme and the Competition (Chinese only).
|
|
|
What is a Data Correction Request?
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
A Staff Member Transferred Personal Data Held by His Employer to His Personal Computer Without Authorisation
|
|
Beware of “Quishing” – the Use of QR Codes and the Hidden Fraud
|
|
|
Privacy Commissioner’s Office Issued Guidance Note on Data Security Measures for ICT
|
Privacy Commissioner’s Office Laid Charges in a Doxxing Case
|
RECOMMENDED ONLINE TRAININGS
|
Webinar on “Protection of Personal Data Privacy for Property Management Sector” (Rerun)
|
Online Professional Workshops
|
Free Online Seminar: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
RENEWAL OF DPOC’s MEMBERSHIP
|
PCPD Supports the “Hong Kong Institute of Bankers Annual Banking Conference 2022”
|
|
Privacy Commissioner Published an Article on “Adoption of Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” at “The 21st Century Director”, the Monthly Magazine of The Hong Kong Institute of Directors
|
Reaching out to Directors – Privacy Commissioner Spoke at the Luncheon Meeting of the Hong Kong Institute of Directors
|
Showcasing Hong Kong – Assistant Privacy Commissioner Attended Meeting of APEC Digital Economy Steering Group Data Privacy Sub-group
|
PCPD Held Sharing Session on “Spirit of the President's Important Speech”
|
Privacy Commissioner’s Office Broadcasts TV Video and Radio Announcement on Doxxing Offences
|
Privacy Commissioner Published an Article on “New Recommended Model Clauses for Cross-border Transfer of Personal Data” at Banking Today, the Bi-monthly Journal of The Hong Kong Institute of Bankers
|
Reaching out to the Community – Privacy Commissioner Spoke at a Public Seminar of the Media Education Programme Organised by the Hong Kong Press Council
|
|
Highlights of the Draft Measures for the Protection of Consumer Rights and Interests by Banking and Insurance Institutions 《銀行保險機構消費者權益保護管理辦法(徵求意見稿)》的重點
|
EU: EU Parliament MEPs Support Updating Consumer Credit Rules, Address Use of AI and Health Data
|
EU: EDPS Publishes Opinion on Recommendation for Provisions on EU-Japan Data Flows
|
Australia: OAIC Issues Submission on Reform of Data Security Action Plan
|
FTC Officially Launches Privacy Rulemaking Endeavor
|
|
|
What is a Data Correction Request?
Under the Personal Data (Privacy) Ordinance (PDPO), an organisation, as a data user, is required to ensure that the personal data it holds is accurate. The PDPO also grants an individual the right to make a data correction request (DCR) to the organisation if his personal data was found to be inaccurate (i.e. incorrect, incomplete or obsolete) after he (or a “relevant person” on behalf of him) has obtained a copy of his personal data held by the organisation by way of a data access request. The organisation should accede to the DCR without a fee. Failure to handle a DCR in accordance with the requirements under the PDPO without reasonable excuse may constitute an offence and render the offender liable on conviction to a fine.
How should we handle a DCR? Check out the diagram below, which takes you through the workflow of handling a DCR:
|
Check out the PCPD’s guidance below to learn more about the handling of DCR:
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
A Staff Member Transferred Personal Data Held by His Employer to His Personal Computer Without Authorisation
Background
A financial institution reported to the PCPD that an administrative staff member copied more than 4,000 files from the office desktop computer to his personal laptop via his own USB flash drive without authorisation. Among those files, 51 of them contained the personal data of different people, including around 6,600 customers, 30 staff members and unsuccessful job applicants. The copied personal data included financial account details of customers, human resources data of staff members and curricula vitae of unsuccessful job applicants. On knowing the incident, the PCPD initiated a compliance check.
In the process of a compliance check, the PCPD found that the staff member concerned was the only staff who was granted permission to use USB flash drives with read-and-write functions in discharging his duties. The files concerned, which were encrypted and password-protected, were stored on the local drive of his non-password-protected office desktop computer. The staff member explained that he copied the files to his personal laptop with a view to cleaning up the space of the hard disk of his office computer which was running slow at the material time.
After internal investigation, the financial institution considered that the staff member concerned had not disclosed any personal data of data subjects and that the staff member had no intent to obtain gain in money or other property (for any person’s benefit) or to cause loss in money or other property to any data subject involved in this incident. In any event, the staff member concerned signed a non-disclosure agreement specifying that he had not disclosed any data contained in the files to any third party and had deleted the files immediately and permanently.
Remedial Measures
In the wake of this incident, the financial institution revoked the USB’s write function of the staff member concerned. The institution also sent an email to all staff members reminding them of the institution’s global policy on secure use of removable storage devices and arranged training for all staff members on information security risk.
Lessons Learnt
In the business environment, it is inevitable that staff members have access to personal data. In general, those who are responsible for administrative and human resources-related matters have to handle a large amount of sensitive personal data. Organisations should attach great importance to data governance and the culture of respecting and protecting privacy. To this end, organisations should regularly review and monitor their staff members’ access rights to personal data to ensure that they would handle personal data on a “need-to-know” basis.
|
Beware of “Quishing” – the Use of QR Codes and the Hidden Fraud
Quick Response (QR) codes are now widely applied in different sectors of Hong Kong. By simply scanning these two-dimensional matrix barcodes generated by organisations with a mobile device that is equipped with a QR Code reader application, users could access information instantly. The convenience and innovation that QR codes bring about have allowed them to become important tools for merchants or marketers. While QR codes have gradually become part of our daily life, we should pay heed to “Quishing”.
What is “Quishing”?
“Quishing” is a tactic used by criminals that apply QR codes when sending out phishing emails. As malicious QR codes can bypass email security gateways and the URL scanning feature of computers’ security gate, internet users will land on phishing websites by scanning these malicious QR codes.
According to the Green Radar Security Operations Center's GRETI 2022Q1 Report1, there was an increase of 30.2% in phishing attacks in the first quarter of 2022 and “Quishing” combines the uniqueness of QR code was to make successful phishing attacks.
What can you do to avoid falling for “Quishing” attacks?
- Authenticate the identity of the sender of the email or message that you receive;
- Stay alert before scanning QR codes and do not scan any codes from unknown sources;
- Turn off the QR code scanner's automatic URL redirection function. Once you turn it off, the scanner will show the URL content and request you to confirm whether to open the URL or not; and
- Use the QR code scanning feature in anti-virus apps to verify the safety of the URL before opening it.
1. Green Radar Security Operations Center's GRETI 2022Q1 Report:
https://www.greenradar.com/%E3%80%90press-release%E3%80%91green-radar-announces-email-threat-index-for-2022q1-phishing-qr-code-is-becoming-the-most-welcomed-exploit-favourite-by-hackers/
|
|
|
Privacy Commissioner Published an Article on “Adoption of Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” at “The 21st Century Director”, the Monthly Magazine of The Hong Kong Institute of Directors
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article at “The 21st Century Director”, the monthly magazine of The Hong Kong Institute of Directors, to discuss the “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” (the Guidance) and the compliance requirements for transfers of personal data from Hong Kong to other jurisdictions. Please click here to read the article.
The PCPD issued the Guidance recently to introduce two sets of Recommended Model Contractual Clauses for cross-border transfers of personal data, which may be adopted by small and medium-sized enterprises in order to comply with the requirements of the PDPO and good data ethics. Please click here to download the Guidance.
|
Reaching out to Directors - Privacy Commissioner Spoke at the Luncheon Meeting of the Hong Kong Institute of Directors
|
Privacy Commissioner Ms Ada CHUNG Lai-ling delivered a speech on 25 August 2022 at the Luncheon Meeting organised by the Hong Kong Institute of Directors. In the presentation entitled “Data Privacy Pitfalls and Tips for Directors”, the Privacy Commissioner discussed the common personal data privacy pitfalls that might be of concern to directors, and shared some practical tips with the participants to protect personal data privacy. These included the implementation of a Personal Data Privacy Management Programme, appointment of Data Protection Officers, and recommended measures to enhance data security and collect personal data during the pandemic.
Please click here for the Privacy Commissioner’s presentation deck.
|
Showcasing Hong Kong – Assistant Privacy Commissioner Attended Meeting of APEC Digital Economy Steering Group Data Privacy Sub-group
|
Acting Assistant Privacy Commissioner for Personal Data (Legal, Global Affairs and Research) Mr Dennis NG Hoi-fung attended the 45th meeting of APEC Digital Economy Steering Group Data Privacy Sub-group on 24 August 2022. Mr Ng reported on the developments of personal data privacy protection in Hong Kong and gave an update on the work of the PCPD in some key areas, such as taking enforcement actions against doxxing, reviewing the provisions of the local privacy law and hosting the 57th Asia Pacific Privacy Authorities Forum.
|
PCPD Held Sharing Session on “Spirit of the President’s Important Speech”
|
President Xi Jinping delivered an important speech at the meeting celebrating the 25th anniversary of Hong Kong's return to the motherland and the inaugural ceremony of the sixth-term Government of the Hong Kong Special Administrative Region (HKSAR). The PCPD held a sharing session on “Spirit of the President's Important Speech” on 17 August 2022. Privacy Commissioner Ms Ada CHUNG Lai-ling and Acting Assistant Privacy Commissioner for Personal Data (Legal, Global Affairs and Research) Mr Dennis NG Hoi-fung spoke at the session, so as to enable colleagues of the PCPD to obtain a deeper understanding of the spirit of the President's important speech. Colleagues of the PCPD learnt and discussed President Xi’s important speech at the session, including the “four musts” under One Country, Two Systems regime, namely we must implement the policy of One Country, Two Systems in both letter and spirit; we must ensure the integration of overall jurisdiction of the Central Authorities and a high degree of autonomy in the HKSAR; we must implement the principle of patriots administering Hong Kong; and we must maintain Hong Kong’s unique status and strengths. President Xi also set out the “four hopes” for the newly inaugurated Government, that is, strive to improve governance, keep strengthening the momentum of development, take solid steps to address difficulties in people's lives, and jointly uphold harmony and stability. Members of the PCPD’s senior management also shared their thoughts and feelings at the session.
|
Privacy Commissioner’s Office Broadcasts TV Video and Radio Announcement on Doxxing Offences
|
The Personal Data (Privacy) (Amendment) Ordinance 2021 has come into effect to more effectively combat doxxing acts that are intrusive to personal data privacy. The maximum penalty for doxxing is a $1,000,000 fine and 5 years’ imprisonment. To remind members of the public to think twice before reposting any doxxing messages on the internet or social media platforms, the PCPD produced a TV video and radio announcement for broadcast on various TV and radio stations. The video and audio were also uploaded to the PCPD’s website and social media platforms.
TV: https://www.youtube.com/watch?v=91c_DXLP7Mk
Radio: https://www.pcpd.org.hk/english/doxxing/files/PD_2_2021_e_44_1khz_radio.mp3
|
Privacy Commissioner Published an Article on “New Recommended Model Clauses for Cross-border Transfer of Personal Data” at Banking Today, the Bi-monthly Journal of The Hong Kong Institute of Bankers
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article at Banking Today, the bi-monthly journal of The Hong Kong Institute of Bankers, to discuss the “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” (Guidance) and the compliance requirements for transfers of personal data from Hong Kong to other jurisdictions. Please click here to read the article. The PCPD issued the Guidance recently to introduce two sets of Recommended Model Contractual Clauses for cross-border transfers of personal data, which may be adopted by small and medium-sized enterprises in order to comply with the requirements of the PDPO and good data ethics. Please click here to download the Guidance.
|
Reaching out to the Community – Privacy Commissioner Spoke at a Public Seminar of the Media Education Programme Organised by the Hong Kong Press Council
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended a public seminar of the media education programme organised by the Hong Kong Press Council for secondary school students and teachers on 30 July 2022, and delivered a speech on “Privacy and Freedom of the Press”.
Please click here for the Privacy Commissioner’s presentation deck (Chinese only).
|
|
|
Privacy Commissioner’s Office Issued Guidance Note on Data Security Measures for ICT
|
Amidst the widespread use of information and communications technology, accompanied by the new normal of hybrid working and hybrid learning, data users are confronted with considerable challenges to the protection of personal data privacy, in particular as regards data security. In the first seven months of 2022, the PCPD received 68 data breach notifications from organisations. More than a quarter of these involved vulnerabilities in data users’ information and communications technology (ICT) systems. Against this background, the PCPD issued the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) on 30 August 2022 to provide data users with recommended data security measures for ICT to facilitate their compliance with the requirements of the PDPO (Cap. 486). The Guidance provides, among others, recommendations on data security measures for ICT in the following areas, supplemented by case studies and infographic illustrations: 1. Data Governance and Organisational Measures, including the appointment of a suitable personnel in a leadership role to bear specific responsibility for data security, and ensure sufficient training is provided for staff members. 2. Risk Assessments on data security for new systems and applications before launch, as well as periodically thereafter. 3. A Recommended Series of Technical and Operational Security Measures. 4. Data Processor Management: A data user must adopt contractual or other means to prevent unauthorised or accidental access, processing, erasure, loss or use of the data transferred to the data processor. 5. Remedial actions in the event of Data Security Incidents, thereby reducing the gravity of harm that may be caused to the organisation and affected individuals. 6. Regularly Monitoring, Evaluating and Improving compliance with data security policies. 7. Recommended Data Security Measures for Cloud Services, “Bring Your Own Devices” and Portable Storage Devices. Please click here to download the “Guidance Note on Data Security Measures for Information and Communications Technology”.
|
Privacy Commissioner’s Office Laid Charges in a Doxxing Case
|
On 17 August 2022, the PCPD laid a total of seven charges against a Chinese male aged 26 (defendant) for “disclosing personal data without consent”, contrary to section 64(3A) of the PDPO. The case had its first mention at the Shatin Magistrates’ Court on 25 August 2022 and the case was adjourned to 6 October 2022 for plea. The defendant is presently on bail. This is the second time charges were laid under the new anti-doxxing regime, which came into operation in October 2021. Background of the case The investigation suggests that the defendant and the complainant had a short relationship before breaking up. Between 19 and 26 October 2021, the defendant was suspected to have disclosed on four social media platforms the complainant’s personal data, including her name, photos, residential address, private and office telephone numbers, name of her employer and position. The defendant was also suspected to have impersonated the complainant to open accounts on three of the said platforms. The defendant was suspected to have stated in the relevant messages that the complainant welcomed others to visit her at her address. Many strangers later contacted the complainant and tried to get acquainted with her. The PCPD arrested the defendant on 22 June 2022. Relevant provisions of the PDPO Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject – (a) with an intent to cause any specified harm to the data subject or any family member of the data subject; or (b) being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject. A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for 2 years. According to section 64(6) of the PDPO, specified harm in relation to a person means – (a) harassment, molestation, pestering, threat or intimidation to the person; (b) bodily harm or psychological harm to the person; (c) harm causing the person reasonably to be concerned for the person’s safety or well-being; or (d) damage to the property of the person.
|
Highlights of the Draft Measures for the Protection of Consumer Rights and Interests by Banking and Insurance Institutions 《銀行保險機構消費者權益保護管理辦法(徵求意見稿)》的重點
|
On 19 May 2022, the China Banking and Insurance Regulatory Commission published the Draft Measures for the Protection of Consumer Rights and Interests by Banking and Insurance Institutions (Draft Measures), which set out, among others, rules on the rights of financial services consumers and the protection of their personal information. This article gives you an overview of the Draft Measures.
中國銀行保險監督管理委員會(銀保監會)於2022年8月初向銀行保險機構等發出《關於開展銀行保險機構侵害個人信息權益亂象專項整治工作的通知》,要求有關機構全面梳理和排查銀行業保險業在個人信息保護方面的問題和漏洞,深入整治侵害消費者信息權益亂象,並督促有關機構建立健全消費者個人信息保護工作機制等1。
早於2022年5月19日,銀保監會亦發布了《銀行保險機構消費者權益保護管理辦法(徵求意見稿)》2(《徵求意見稿》),《徵求意見稿》的徵求意見期已於2022年6月19日結束。
《徵求意見稿》是根據《銀行業監督管理法》、《商業銀行法》、《保險法》及《消費者權益保護法》等法規而制定,其目的包括切實保護銀行業保險業消費者合法權益3(當中包括與個人信息保護相關的權益 )。當中,《消費者權益保護法》有不少與消費者個人信息保障相關的規定4。
《徵求意見稿》的規管對象為銀行保險機構,即在境內依法設立並向消費者提供金融産品或服務的銀行業金融機構和保險機構5。
在個人信息保護方面,《徵求意見稿》要求銀行保險機構須建立消費者個人信息保護機制,完善內部管理制度、分級授權審批和內部控制措施,並對消費者個人信息實施全流程分級分類管控6。此外,銀行保險機構處理消費者個人信息,須堅持「合法、正當、必要」的原則,切實保護消費者信息安全權7,這些原則與《個人信息保護法》列明的個人信息處理原則8大致相同。
相比《個人信息保護法》,《徵求意見稿》就處理個人信息方面向銀行保險機構施加更為嚴格的規定。例如,銀行保險機構在收集消費者個人信息時,須取得消費者「明示同意」9,有別於《個人信息保護法》所訂明的「個人同意」10。此外,《徵求意見稿》11和《個人信息保護法》12均禁止銀行保險機構以消費者不同意為由拒絕提供不依賴於其所拒絕授權信息的金融産品或服務,《徵求意見稿》更進一步禁止銀行保險機構採取變相強制、違規購買等不正當方式收集消費者個人信息。《徵求意見稿》亦規定銀行保險機構須取得消費者授權同意,方可與合作方處理消費者信息, 並在與合作機構的協議中加入數據保護責任,並通過加密傳輸綫路、安全隔離、數據加密、權限管控、監測報警等方式,嚴格控制合作方行為與權限13,有關規定較《個人信息保護法》的類似規定14具體和詳盡。
值得留意的是,近年監管機構積極對有職員違反信用信息採集、提供、查詢及相關管理規定的金融機構採取執法行動和發出高額罰款15。有見及此,《徵求意見稿》要求銀行保險機構加強從業人員行為管理,禁止有關人員違規查詢、複製、下載或儲存消費者個人信息,及不得超出自身職責和權限非法處理和使用有關信息16。
根據《徵求意見稿》,銀保監會及其派出的機構負責履行消費者權益保護監管職責17。銀行保險機構以及從業人員如違反本《徵求意見稿》的規定,可被銀保監會及其派出機構依據《銀行業監督管理法》、《商業銀行法》、《保險法》和《消費者權益保護法》等法規實施行政處罰,銀保監會及其派出機構亦可對有關機構和人員責令改正,給予警告,處以10萬元以下罰款。如屬嚴重違規,銀保監會更可向相關董事會成員及高級管理人員給予警告,及處最高人民幣十萬元的罰款18。
1. https://credit.suzhou.gov.cn/news/show/379457.html
2. 全文︰http://www.cbirc.gov.cn/cn/view/pages/ItemDetail.html?docId=1052087&itemId=925
3.《徵求意見稿》第一條
4. 詳見《消費者權益保護法》第十四及二十九條
5.《徵求意見稿》第二條
6.《徵求意見稿》第十二條
7.《徵求意見稿》第四十一條
8.《個人信息保護法》第五條
9.《徵求意見稿》第四十二條,惟《徵求意見稿》未有明確定義何謂「明示同意」。
10.《個人信息保護法》第十三條
11.《徵求意見稿》第四十二條
12.《個人信息保護法》第十六條
13.《徵求意見稿》第四十四條
14.《個人信息保護法》第二十條
15. 東方財富網(2022年2月7日),合計罰超8000萬!3家銀行爲違規行爲買單!︰http://finance.eastmoney.com/a/202202072268566260.html
16.《徵求意見稿》第四十七條
17.《徵求意見稿》第四十八條
18.《徵求意見稿》第五十二條
|
|
|
RECOMMENDED ONLINE TRAININGS
|
Webinar on “Protection of Personal Data Privacy for Property Management Sector” (Rerun)
|
Protecting the personal data of residents and visitors is an indispensable part of the provision of high-quality and professional services by property management bodies.
Owing to the overwhelming response of the webinar held in July, the Office of the Privacy Commissioner for Personal Data (PCPD) will rerun this webinar to assist practitioners in the property management sector to adopt good practices in personal data protection, and enable the general public to understand the best practices adopted by property management companies in the collection and handling of personal data. At the webinar, the PCPD will discuss its recent investigation report in relation to improper handling of the personal data of residents and visitors by some property management companies, and elaborate on the new edition of the Guidance for the Property Management Sector on the protection of personal data recently issued by the PCPD. Renowned practitioner from the property management industry will also share good practices in personal data management with the participants.
Property management practitioners and members of the public who are interested in the topic are welcome to attend.
Date: 20 September 2022 (Tuesday)
Time: 3:00pm – 4:30pm
Fee: Free of charge
Language: Cantonese
Who should attend: Property management practitioners, resident organisations and members of the public with an interest in the topic
|
Online Professional Workshop on Data Protection and Data Access Request
|
There are stringent requirements for compliance with a Data Access Request (DAR) under the PDPO. This workshop will examine in detail the compliance requirements for handling DAR under the PDPO and provide practical guidance to participants on handling DAR, so as to assist them to properly handle DAR in their daily operations.
Date: 7 September 2022 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: solicitors, data protection officers, administration managers, human resource officers, customer services personnel
|
Online Professional Workshop on Data Protection in Direct Marketing Activities
|
Direct marketing is widely adopted by different types of organisations in promoting their products and services. In Hong Kong, the use of personal data in direct marketing activities is governed by the PCPD. This workshop provides a practical approach to the compliance of the requirements under the PDPO in direct marketing activities and hands-on solutions to problems that marketers face in devising direct marketing activities, as well as sharing conviction cases with the participants.
Date: 21 September 2022 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: data protection officers, compliance officers, company secretaries, administration managers, IT managers, solicitors, database managers and marketing professionals
|
Online Professional Workshop on Recent Court and Administrative Appeals Board Decisions
|
This workshop focuses on specific topics in data privacy law raised in recent decisions of the Hong Kong Court and Administrative Appeals Board (the “Board”), and aims at providing in-depth discussion and updated knowledge to legal practitioners and compliance officers on the interpretation of commonly used provisions of the PDPO. This intermediate level course is for participants who would like to gain more insights on the legal arguments of court decisions and the Board cases.
Date: 28 September 2022 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $950/$760*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: solicitors, barristers, in-house lawyers, data protection officers, compliance officers, company secretaries and administration managers
|
Online Free Seminar – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming sessions are as below:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles;
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.
The seminar outline is as follows:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Handling of data breach incidents;
- Direct marketing;
- Offences and compensation; and
- Q&A session.
Duration: 1.5 hours
|
Renewal of DPOC’s Membership
|
Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!
Special offer for organisational renewals:
Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$350).
Renew your membership now to keep up-to-date with the latest news and legal developments!
|
PCPD Supports the “Hong Kong Institute of Bankers Annual Banking Conference 2022”
The PCPD is delighted to be one of the supporting organisations of The Hong Kong Institute of Bankers (HKIB)'s Annual Banking Conference 2022.
The event theme is “Strengthen Resilience, Empower Customers and Accelerate Sustainable Growth”. For more details, please click here.
|
The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.
|
|
|
Contact Us
Address: Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|