PCPD e-NEWSLETTER
ISSUE Oct 2022
|
|
|
|
PCPD e-NEWSLETTER
ISSUE Oct 2022
|
|
|
|
First Conviction Secured for Doxxing Case
|
On 6 October 2022, the Shatin Magistrates’ Court convicted a 27-year-old male, Mr HO Muk-wah, of seven charges relating to the new doxxing offence upon his guilty plea. Earlier in August 2022, the PCPD laid seven charges of “disclosing personal data without consent”, contrary to section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO) against Mr Ho. He pleaded guilty to the said seven charges relating to the disclosure of personal data of the complainant on four social media platforms between 19 and 26 October 2021. Mr Ho made the disclosures without the complainant’s consent, with an intent to cause specified harm to her or her family members, or being reckless as to whether specified harm would be, or would likely be, caused to her or her family members. This is the first conviction under the new anti-doxxing regime which took effect on 8 October 2021. Background of the Case The defendant and the complainant had a short relationship before breaking up. Between 19 and 26 October 2021, the defendant disclosed on four social media platforms the complainant’s personal data, including her name, photos, residential address, private and office telephone numbers, name of her employer and position. The defendant also impersonated the complainant to open accounts on three of the said platforms. The defendant stated in the relevant messages that the complainant welcomed others to visit her at her address. Many strangers later contacted the complainant and tried to get acquainted with her. The PCPD arrested the defendant on 22 June 2022. Upon legal advice obtained from the Department of Justice, a total of seven charges were laid against him on 17 August 2022 in respect of doxxing offence. Court Proceedings In the court hearing on 6 October 2022 at the Shatin Magistrates’ Court, the defendant pleaded guilty to and was convicted of all seven charges. The court has adjourned the case to 15 December 2022 for sentence, pending the acquisition of relevant reports. The defendant was granted bail pending sentence. Relevant Provisions under the PDPO Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject –
(a) with an intent to cause any specified harm to the data subject or any family member of the data subject; or (b) being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for two years. Pursuant to section 64(3C) of the PDPO, a person commits an offence if –
(a) the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject; and
(b) the disclosure causes any specified harm to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3C) is liable on conviction on indictment to a fine of $1,000,000 and imprisonment for five years. According to section 64(6) of the PDPO, specified harm in relation to a person means –
(a) harassment, molestation, pestering, threat or intimidation to the person; (b) bodily harm or psychological harm to the person; (c) harm causing the person reasonably to be concerned for the person’s safety or well-being; or (d) damage to the property of the person.
One Year after the Personal Data (Privacy) (Amendment) Ordinance 2021 (Amendment Ordinance) Took Effect to Criminalise Doxxing Acts
The new anti-doxxing regime came into effect on 8 October 2021 to criminalise doxxing acts, empower the Privacy Commissioner to carry out criminal investigations, institute prosecutions for doxxing and related offences, and confer on the Privacy Commissioner statutory powers to demand the cessation of disclosure of doxxing messages. Since the implementation of the Amendment Ordinance, the PCPD has carried out criminal investigations with respect to 91 cases and made arrests in 7 cases. The PCPD also issued 1,252 cessation notices to 23 platforms which involved more than 13,400 doxxing messages. To learn more about our work in the enforcement of the Amendment Ordinance over the past year, please read the articles of the recent media interviews with the Privacy Commissioner Ms Ada CHUNG Lai-ling below:
|
Contributing to the Community – Privacy Commissioner’s Office Volunteer Team Distributes Anti-Fraud Posters and Medical Supplies to Social Welfare Organisations
|
On 12 October 2022, the Anti-Epidemic Volunteer Team (Volunteer Team) of the PCPD distributed anti-fraud posters produced by the PCPD to two social welfare organisations, namely Po Leung Kuk Wan Chai Home for the Elderly cum Day Care Centre for the Elderly and Wan Chai Methodist Centre for the Seniors, with a view to raising the elderly’s awareness of fraudulent scams. Privacy Commissioner Ms Ada CHUNG Lai-ling said, “Different kinds of scams were reported recently in which personal data were obtained from members of the public, leading to monetary losses being suffered by the victims or their relatives. In view of that, the PCPD has produced anti-fraud posters to offer some tips on the prevention of fraud. We hope to raise the awareness of the community, especially the elderly, to watch out for personal data fraud.” Taking the opportunity, the Volunteer Team also made donations of anti-epidemic medical supplies to the above-mentioned social welfare organisations. The medical supplies included approximately 1,100 N95 protective face masks, 1,200 sets of rapid test kits, 1,000 disinfectant hand sanitisers and 400 face shields.
|
|
|
Continuous Assessment and Revision of Privacy Management Policies and Measures
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
Recruitment Platform Wrongfully Sent out Emails Containing CV Information
|
|
Smart Social Networking – Practical Tips to Protect Your Digital Privacy
|
|
|
A 36-year-old Chinese Male Arrested for a Suspected Doxxing Offence
|
A 37-year-old Chinese Male Arrested for a Suspected Doxxing Offence
|
Privacy Commissioner’s Office Commences Compliance Check into a Data Breach Incident of Shangri-La Group
|
RECOMMENDED ONLINE TRAININGS
|
Online Professional Workshops
|
Free Online Seminar: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
RENEWAL OF DPOC’S MEMBERSHIP
|
|
Secretary for Constitutional and Mainland Affairs and Privacy Commissioner Attend Meeting of the Legislative Council Panel on Constitutional Affairs
|
Strengthening International Connections – Privacy Commissioner attends the 44th Global Privacy Assembly 2022
|
Privacy Commissioner Publishes “Hong Kong Letter” – Stay Vigilant to Prevent Personal Data Fraud
|
Showcasing Hong Kong – Head of Compliance attends the Asia Privacy Bridge Forum 2022
|
Privacy Commissioner Publishes an Article on “Personal Data Protection in the Digital Era” at Hong Kong Lawyer
|
|
Highlights of the “Information Security Technology – Basic Requirements for Collecting Personal Information in Mobile Internet Applications”
《信息安全技術 移動互聯網應用程序(App)收集個人信息基本要求》的重點
|
International: RIPD Releases Guide for Cross-border Data Transfers
|
The EU-US Data Privacy Framework: A New Era for Data Transfers?
|
EU: EDPB Adopts Wishlist of Procedural Aspects, First EU Data Protection Seal, and Statement on Digital Euro
|
UK: ICO Publishes Draft Guidance on Employee Monitoring for Public Consultation
|
|
|
Continuous Assessment and Revision of Privacy Management Policies and Measures
Personal Data Privacy Management Programme (PMP) is an ongoing process which needs continuous monitoring and assessment of the measures, policies and procedures of the programme, and making necessary amendments to ensure its effectiveness. Data Protection Officers should develop an oversight and review plan, and assess and revise programme controls annually. The review plan must:
- cover the implementation of all programme controls;
- cover all policies and procedures related to personal data privacy;
- state when and how to conduct the assessment by whom, and set the assessment criteria;
- include periodic assessment (at least once a year); and
- be endorsed by the top management.
The following is a sample of an oversight and review plan:
|
Please view the PCPD’s Best Practice Guide below for further information about PMP:
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
Recruitment Platform Wrongfully Sent out Emails Containing CV Information
Background
A recruitment platform reported to the PCPD that job application emails containing CVs of 4,201 job applicants were erroneously sent to 1,692 companies. The personal data involved included the job applicants’ full names, home addresses, mobile numbers, email addresses, gender, dates of birth, nationalities, identity card numbers, marital status, education background and work experience. On knowing the incident, the PCPD initiated a compliance check.
The PCPD revealed that the incident occurred when a server misconfiguration prompted a manual job application resending process, and a human sorting error caused the data mismatch and job applications being sent incorrectly to the companies.
Remedial Measures
After the incident, the recruitment platform formed a cross-functional task force to assess the impact, resolve the issue, and communicate with external and internal stakeholders. To remove the risk of data mismatch in future, a fully automated process, which eliminated the need for manual interaction with datasets, was implemented in addition to a checking mechanism to ensure that job application emails will not be sent out to irrelevant companies.
Lessons Learnt
Even systems which are predominantly machine-operated may at times require human intervention (such as server misconfiguration in this case). Human interaction is prone to errors. Therefore, completely automated processes are mostly welcomed, albeit some form of auditing mechanism would still be beneficial.
|
Smart Social Networking – Practical Tips to Protect Your Digital Privacy
Social media platforms have become an integral part of everyday life for Hongkongers. However, such use also poses risks to the personal data privacy of the users. Users who over-share information on social media could unwittingly reveal more personal data than they anticipate as these personal data provide good materials for identity theft, cyberbullying or doxxing.
To protect your digital self, here are some practical advice on how to minimise the privacy risks arising from the use of social media:
- Understand how social media platforms handle personal data by examining their privacy policies. The users should clearly understand the relevant changes in their privacy policies before accepting the changes;
- Examine the default privacy settings and review the privacy settings regularly to retain control over what information will be disclosed to other users and how widely the information is disclosed;
- Limit the permissions granted to social media platforms on how the personal data (such as facial images and location data) can be used and how wide the personal data is being shared;
- Think twice before sharing or sending any personal data on social media, and avoid sending sensitive information on social media;
- Respect other people’s privacy and be cautious about tagging others in photos or sharing information about them; and
- Be vigilant about online scams, such as malicious hyperlinks that request users to “log-in” or provide personal data.
Please view the PCPD’s Guidance Note below for further information about protecting personal data privacy when using social media:
|
|
|
Secretary for Constitutional and Mainland Affairs and Privacy Commissioner Attend Meeting of the Legislative Council Panel on Constitutional Affairs
|
The Secretary for Constitutional and Mainland Affairs (SCMA) Mr Erick TSANG Kwok-wai, GBS, IDSM, JP, attended the Policy Briefing meeting of the Legislative Council (LegCo) Panel on Constitutional Affairs on 28 October 2022 to brief Panel members on the Chief Executive’s 2022 Policy Address. Privacy Commissioner Ms Ada CHUNG Lai-ling also attended the meeting to answer questions raised by members on privacy issues and the work of the PCPD. In response to members’ question on amending the PDPO to cope with the development of digital economy and e-Government, Mr Tsang said that the Government has a comprehensive vision to meet the challenges arising from technological development. The Government will review relevant developments and update the PDPO to align it with global privacy protection trends. The Government will also strike a balance between privacy protection and economic development and consult the Legislative Council on the matter in due course. The Privacy Commissioner said that the PCPD supports the development of digital economy. The PCPD will fully underpin the Government in its review of the PDPO and provide professional views in a timely manner. Please click here for the paper provided by the Constitutional and Mainland Affairs Bureau to the LegCo Panel on Constitutional Affairs. Please click here for the opening remarks of the SCMA at the Policy Briefing meeting of the LegCo Panel on Constitutional Affairs (Chinese only).
|
Strengthening International Connections – Privacy Commissioner attends the 44th Global Privacy Assembly 2022
|
Privacy Commissioner Ms Ada CHUNG Lai-ling and senior officers of the PCPD attended the 44th Global Privacy Assembly (GPA) through video conference from 25 to 28 October 2022. The conference, which was held in a hybrid mode in Istanbul, Turkey, featured the theme of ‘A Matter of Balance: Privacy in The Era of Rapid Technological Advancement’. The topics of discussions included privacy issues relating to artificial intelligence, facial recognition technologies, regulatory effectiveness, cross-border data transfers, and protection of children privacy.
The GPA’s International Enforcement Cooperation Working Group, co-chaired by the PCPD, presented its annual report to the GPA. Some highlights of its work in 2022 included conducting closed enforcement sessions to facilitate information sharing and collaboration among data protection authorities, as well as launching the transnational case map, which provides an overview of the cases where GPA members engaged in cross-border enforcement actions or cooperation in 2020 and 2021. The building of the map was led by the PCPD and the data protection authority of Colombia.
In addition, the PCPD co-sponsored the ‘Resolution on International Cooperation Capacity Building for Improving Cybersecurity Regulation and Understanding Cyber Incident Harms’, which was adopted by GPA members by consensus at the conference. Through this resolution, the GPA resolved to develop an understanding of the remits and responsibilities of data protection authorities in relation to cybersecurity, as well as explore opportunities for international cooperation in tackling cybersecurity risks.
The GPA is the leading international forum for over 130 data protection authorities from around the globe to discuss and exchange views on privacy issues and the latest international developments.
|
Privacy Commissioner Publishes “Hong Kong Letter” – Stay Vigilant to Prevent Personal Data Fraud
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published a “Hong Kong Letter” on RTHK Radio 1 on 15 October 2022 to highlight some common tricks of swindlers and offering some tips on safeguarding personal data. The Privacy Commissioner also reminded members of the public to guard against personal data fraud and if they are in doubt, they may call the “Personal Data Fraud Prevention Hotline” 3423 6611 set up by the PCPD for enquiries or complaints. Please click here to read the “Hong Kong Letter” (Chinese only).
|
Privacy Commissioner Publishes an Article on “Personal Data Protection in the Digital Era” at Hong Kong Lawyer
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article entitled “Personal Data Protection in the Digital Era” at Hong Kong Lawyer (October issue) to discuss the data security risks faced by businesses in the digital era and introduce the “Guidance Note on Data Security Measures for Information and Communications Technology” (Guidance) published by the PCPD in August 2022. Please click here to read the article.
The Guidance is intended to provide data users with recommended data security measures for information and communications technology to facilitate their compliance with the requirements of the PDPO. Please click here to download the Guidance.
|
Showcasing Hong Kong – Head of Compliance attends the Asia Privacy Bridge Forum 2022
|
Acting Chief Personal Data Officer (Compliance & Enquiries) of the PCPD Mr Brad KWOK spoke through video recording at the Asia Privacy Bridge Forum 2022 held in Seoul, South Korea on 13 October 2022. Mr Kwok delivered a keynote speech entitled “Revitalising the Post-COVID-19 Era with Privacy Protection and Trust”. He pointed out that while the pandemic had accelerated the growth of digital economy, it also gave rise to some noteworthy privacy issues. He emphasised that building trust between organisations and customers through privacy protection is pivotal for the revitalisation of the digital economy. Mr Kwok also introduced the PCPD’s work and achievements to the audience.
The Forum was organised by the Barun ICT Research Centre, Yonsei University, Seoul, South Korea. The theme of this year’s Forum was “Data Privacy Policy for Revitalising the Digital Era”.
|
|
|
A 36-year-old Chinese Male Arrested for a Suspected Doxxing Offence
|
The PCPD arrested a Chinese male aged 36 in New Territories South on 27 October 2022. He was suspected to have disclosed the personal data of a data subject without her consent, in contravention of section 64(3A) of the PDPO. The investigation revealed that rental disputes arose between the victim’s parents and the arrested person when the victim, a university student, lived with her parents in an apartment rented from the arrested person as the landlord. Subsequently, in February 2022, two messages containing the personal data of the victim and some negative comments and allegations about the victim’s parents were posted in a chat group on a social media platform. The personal data disclosed included the victim’s English name, her photo, the university courses and the year in which she enrolled. The PCPD reminds members of the public that doxxing is a serious offence. An offender is liable on conviction to a fine up to $1,000,000 and imprisonment for 5 years. The PDPO applies equally to the online world. To avoid breaking the law, members of the public should think twice before publishing or forwarding any doxxing messages on the internet or social media.
|
A 37-year-old Chinese Male Arrested for a Suspected Doxxing Offence
|
The PCPD arrested a Chinese male aged 37 in Kowloon West on 13 October 2022. He was suspected to have disclosed the personal data of a data subject without her consent, in contravention of section 64(3A) of the PDPO.
The investigation reveals that the arrested person signed a contract with the victim, an intermediary agency, for employment of a foreign domestic helper in 2021. The victim and the arrested person later ran into a monetary dispute after the domestic helper had failed to report duty. In April 2022, the personal data of the victim, including her Chinese name, English name, the name of her school, photos, as well as the name of her business and business address were posted in three doxxing messages on a social media platform alongside some negative comments and allegations. The PCPD reminds members of the public that doxxing is a serious offence. An offender is liable on conviction to a fine up to $1,000,000 and imprisonment for 5 years. The PDPO applies equally to the online world. To avoid breaking the law, members of the public should think twice before publishing or forwarding any doxxing messages on the internet or social media.
|
Privacy Commissioner’s Office Commences Compliance Check into a Data Breach Incident of Shangri-La Group
|
The PCPD received a data breach notification from Shangri-La Asia Limited (Shangri-La) in the evening of 29 September 2022, notifying the PCPD that eight of its hotels suffered cyber attacks, including three hotels in Hong Kong (Island Shangri-La, Hong Kong; Kerry Hotel, Hong Kong; Kowloon Shangri-La, Hong Kong). The PCPD noted that the personal data of over 290,000 Hong Kong customers might have been affected. Having considered the nature of the incident and the significant number of data subjects involved, the PCPD has commenced a compliance check into the incident. The PCPD calls on organisations to notify the PCPD of any data breach incident as soon as possible. Notification of a data breach incident will enable the PCPD to help the organisation and the affected parties to take appropriate and timely measures to minimise the damage caused by the incident to the organisation and the affected parties. The organisation should also notify the affected parties of the data breach incident as soon as possible. The PCPD appeals to citizens who have previously stayed in, and provided their personal data to, the Shangri-La hotels in question to be vigilant about potential theft of their personal data. If they are in doubt about whether their personal data have been leaked, they may make enquiries with Shangri-La, or make enquiries/complaints to the PCPD (telephone: 2827 2827 or email: communications@pcpd.org.hk). To protect personal data privacy, affected citizens are also advised to take the following measures:
- Beware of any unusual logins of any registered accounts and personal emails;
- Review their payment card statements to spot any unauthorised transactions;
- Change the passwords of the relevant accounts and enable the two-factor authentication function (if available);
- Stay vigilant when they receive any suspicious calls, text messages or emails from unknown sources; and
- Be vigilant against phishing or other possible scams.
|
Highlights of the “Information Security Technology – Basic Requirements for Collecting Personal Information in Mobile Internet Applications”
《信息安全技術 移動互聯網應用程序(App)收集個人信息基本要求》的重點
|
On 15 April 2022, the State Administration for Market Regulation and the Standardization Administration of China jointly released the “Information Security Technology – Basic Requirements for Collecting Personal Information in Mobile Internet Applications” (Basic Requirements) which will become effective on 1 November 2022. This article gives you an overview of the Basic Requirements.
國家市場監督管理總局及國家標準化管理委員會於2022年4月15日聯合發布的《信息安全技術 移動互聯網應用程序(App)收集個人信息基本要求》(GB/T 41391-2022)1(《基本要求》)將於2022年11月1 日起實施。《基本要求》以部分現有法規或指引文件為基礎,並重點圍繞個人信息處理的最小必要原則(data minimisation),整合出App在收集個人信息或申請系統權限時須遵守的各項要求。
首先,《基本要求》指出App收集個人信息的要求與其功能密切相關2,因此須明確劃分基本業務功能3及擴展業務功能4。按必要程度,App可收集的個人信息分為以下兩類:
- 必要個人信息:保障App基本業務功能正常運行所必需的個人信息,如缺少該等個人信息,該App的基本業務功能便無法實現或正常運行5;
- 非必要但有關聯個人信息:與App所提供服務直接相關但可選收集的個人信息,這類信息可由用戶拒絕或撤回同意收集6。
倘若個人信息與App所提供服務目的無直接關聯,即收集與否並不影響App的功能和服務質量,便屬於「無關個人信息」。根據《基本要求》,App不應收集、亦不應向用戶徵求同意收集無關個人信息7。
《基本要求》訂明App收集個人信息時應滿足告知同意要求,包括:
- 向用戶明示App基本業務功能、擴展業務功能和必要個人信息範圍,並顯著區分必要和非必要個人信息8;
- 拆分必要和非必要個人信息的同意9;
- 保障用戶可拒絕或撤回同意收集非必要個人信息,且不應因此拒絕用戶使用該App的基本業務功能10;以及
- 不應通過綑綁不同類型服務、綑綁基本業務功能和擴展業務功能、批量申請授權等方式,誘導、強逼用戶一次性同意個人信息收集要求11。
為協助App運營者界定其應用程序之類型及對應的「必要個人信息」,《基本要求》沿用《常見類型移動互聯網應用程序必要個人信息範圍規定》12,劃分出39個常見的App服務類型,並列明各自的基本業務功能及「必要個人信息範圍」13。在此基礎上,《基本要求》進一步列明該些「必要個人信息」的使用要求,以規範個人信息的使用。舉例而言,「註冊用戶移動電話號碼」雖然屬於大部分應用程序類型的「必要個人信息」,但在多數情況下,其用途僅限於在註冊過程中進行真實身份信息認證。
除直接收集個人信息外,《基本要求》亦覆蓋涉及個人信息收集的系統權限申請和使用。在這一方面,《基本要求》參考《網絡安全實踐指南—移動互聯網應用程序(App)系統權限申請使用指引》14,列出App向用戶申請或動用系統權限時須遵守的原則及詳細要求15。其中,《基本要求》強調App通過權限獲得的個人信息和能力,不應在未經用戶同意的情況下提供給App接入的第三方應用16。《基本要求》同時列出12項特定類型個人信息並分別提出具體要求17,當中大部分與系統權限相關,例如通訊錄信息、位置信息、相冊信息等。
此外,《基本要求》特別就App收集個人信息的實際情況提出一系列額外要求,當中包括:
- 當App在靜默狀態或在後台運行,且未向用戶提供服務時,不應收集個人信息18;
- 不應通過積分、獎勵、優惠、紅包等方式,欺騙誤導用戶提供與App業務功能無關的個人信息或權限19;以及
- 當拍攝、錄音、錄屏、定位時,應採用顯著方式提示用戶20。
最後,雖然《基本要求》屬「推薦性國家標準」21,不過其編制過程參照多份現有法規及指引,當中不少原則及要求又與《個人信息保護法》一致,相信《基本要求》對一眾App運營者仍具相當實用性和參考價值。
1.《基本要求》可於網上預覽:
https://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=977D9EBB32ABF0A7DD6A1215969FE57A
2.《基本要求》5 – App功能劃分
3. 即App實現用戶主要使用目的的業務功能(見《基本要求》3.6)
4. 即App所提供的基本業務功能以外的其他業務功能(見《基本要求》3.7)
5.《基本要求》附錄B.2(a)
6.《基本要求》附錄B.2(c)
7.《基本要求》附錄B.2(b)
8.《基本要求》6.4.1(b)
9.《基本要求》6.4.1(c)
10.《基本要求》6.4.1(d)
11.《基本要求》6.4.1(f)
12. 全文:
http://big5.www.gov.cn/gate/big5/www.gov.cn/zhengce/zhengceku/2021-03/23/content_5595088.htm
13.《基本要求》附錄A – 常見服務類型App必要個人信息範圍及其使用要求
14. 全文:https://www.tc260.org.cn/upload/2020-09-20/1600568390720026360.pdf
15.《基本要求》6.5.1 – 權限申請及 6.5.2 – 權限使用
16. 如App內提供的小程序、網頁頁面等
17.《基本要求》附錄C – 特定類型個人信息收集要求
18.《基本要求》6.7(c)
19.《基本要求》6.7(e)
20.《基本要求》6.7(f)
21. 即不具有強制性,機構有權決定是否採用,而違反這類標準不構成經濟或法律方面的責任
|
|
|
RECOMMENDED ONLINE TRAININGS
|
Online Professional Workshop on Data Protection in Insurance
|
Insurance practitioners handle a large amount of customers’ personal data in their daily work. It is essential that they understand and comply with the requirements under the PDPO which apply to them in their capacities as data users in handling personal data. This workshop examines core concepts of practical data protection compliance illustrated by specific scenarios in the insurance industry, highlights some potential problems and provides solutions relating to the handling of personal data in the industry.
Date: 9 November 2022 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: insurance practitioners, data protection officers, compliance officers, solicitors, advisers and other personnel undertaking work relating to the insurance industry.
|
Online Professional Workshop on Data Protection and Data Access Request
|
This workshop is designed for human resource practitioners who handle a large amount of employees’ personal data to learn how to comply with the requirements of the PDPO by adopting best practices in handling personal data in different phases of the employment process.
Date: 16 November 2022 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: solicitors, data protection officers, administration Managers, Human Resource Officers, Customer Services Personnel.
|
Other Professional Workshops on Data Protection in Nov and Dec 2022:
|
Online Free Seminar – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming sessions are as below:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles;
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.
The seminar outline is as follows:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Handling of data breach incidents;
- Direct marketing;
- Offences and compensation; and
- Q&A session.
Duration: 1.5 hours
|
Renewal of DPOC’s Membership
|
Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!
Special offer for organisational renewals:
Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$350).
Renew your membership now to keep up-to-date with the latest news and legal developments!
|
The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.
|
|
|
Contact Us
Address: Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|