Enhancing Awareness of Fraud Prevention

To raise public awareness of the prevention of fraud, the PCPD has launched a series of anti-fraud promotional activities under the theme of “Don’t Hand Over Your Personal Data – Beware of Fraudsters” this year. The activities comprise among other things, the launch of short videos on fraud prevention starring artistes Alice FUNG So-bor (馮素波) and Timothy CHENG Tse-sing (鄭子誠), which aim to remind the public to stay vigilant in protecting their personal data privacy so as to avoid property loss.
 
The campaign kick-started with the first episode titled “Fake Membership Awards Programme”, which was broadcast on the PCPD’s official YouTube channel and local TV channels in June this year. It greatly enhanced the awareness of personal data privacy protection among the public. Following its success, the second episode, with the theme of “Promotional Gifts Scam”, has been published on the PCPD’s official YouTube channel starting from 17 August to remind citizens not to disclose personal data out of greed.

The PCPD has also placed anti-fraud promotional posters on MTR train compartments for two weeks until 30 August. 

Please click here to watch the latest PCPD’s anti-fraud video (Chinese only).

Data Scraping on Social Media Raises Concerns
The PCPD, together with Other Privacy Protection Authorities, 
Promulgates Global Privacy Protection Expectations and Principles 
to Social Media Platforms

The PCPD together with 11 privacy or data protection authorities from Argentina, Australia, Canada, Colombia, Jersey, Mexico, Morocco, New Zealand, Norway, Switzerland and the United Kingdom, issued a joint statement on 25 August to social media platforms and other websites that host publicly accessible personal data about global expectations on privacy protection.

Data scraping, which generally involves extraction of data (including personal data) from the web by automated processes, raises significant privacy concerns. It can result in personal data being sold in the dark web without the knowledge and consent of the data subject, leading to exploitation of personal data for targeted cyberattacks, identity fraud, and unwanted direct marketing or spam messages.

In the joint statement, the signatories point out that:

• Personal information that is publicly accessible is still subject to data protection and privacy laws in most jurisdictions;
• Social media companies and the operators of websites that host publicly accessible personal data have obligations under data protection and privacy laws to protect personal information on their platforms from unlawful data scraping; and
• Mass data scraping incidents that harvest personal information can constitute reportable data breaches in many jurisdictions.

The signatories recommend that these social media platforms and websites should also implement multi-layered technical and procedural controls to mitigate the privacy risks of data scraping, which include, among others:

• Designating a team and/or specific roles to identify and implement controls to protect against data scraping activities;
• Taking steps to review automated scraping programs and data scraping and take actions to stop such activities;
• Monitoring accounts with unusually high engagement with other accounts so as to block suspicious accounts; and
• Continuously monitoring security risks and threats from malicious or other unauthorised actors to their platforms.

In addition, the signatories remind users, before sharing their personal data online, to beware of the risk that their personal data could be within the reach of potential scrapers who could use it for harmful purposes. Users are also advised on the measures they can take to mitigate the risk of data leakage.

The joint statement is signed by 12 authorities brought together through the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IEWG). In addition to the PCPD, other signatories include the Agency for Access to Public Information of Argentina, the Office of the Australian Information Commissioner, the Office of the Privacy Commissioner of Canada, the Superintendencia de Industria y Comercio of Colombia, the Jersey Office of the Information Commissioner, National Institute for Transparency, Access to Information and Personal Data Protection of Mexico, the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel) of Morocco, the Office of the Privacy Commissioner of New Zealand, the Datatilsynet of Norway, the Federal Data Protection and Information Commissioner of Switzerland and the Information Commissioner’s Office of the United Kingdom.

The joint statement has been sent to various companies running major social media platforms, including Alphabet Inc. (YouTube), Meta Platforms, Inc. (Instagram, Facebook and Threads) and Microsoft Corporation (LinkedIn), etc. The signatories look forward to receiving feedback from the companies within one month about how they currently comply, or intend to comply, with the expectations and principles detailed in the joint statement.

Please click here to read the joint statement.

The Awards Presentation Ceremony of the PCPD’s Privacy-Friendly Awards (PFA) 2023 is scheduled to take place on 31 August. Following the ceremony, we will update the PFA website with the list of this year’s winners. We greatly appreciate your continuous support and interest in the protection of personal data privacy.

PRIVACY 101

How to Handle a Data Access Request Properly?

Under the PDPO, a data subject has the right to make a data access request (DAR), which enables the data subject to know whether an organisation (as a data user) holds his personal data, and to obtain a copy of it. It also ties in with a further right under the PDPO for a data subject to make a data correction request to an organisation if his personal data was found to be inaccurate. An organisation may impose a fee for complying with a DAR which should not be excessive.

How could organisations handle a DAR properly? Organisations may make reference to the basic workflow below to promulgate clear guidelines and work procedures on the handling of DARs.

Please read the PCPD’s publication below to learn more details on handling DARs and the charging of DAR fee properly: Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users

PRIVACY COMMISSIONER’S FINDINGS

A Bank Improved its Personal Data Update Webpage by Adopting a Setting that Respects Privacy to Ensure that the Bank has Obtained Customers’ Valid Consent before Using their Personal Data for Direct Marketing

The Complaint

The complainant was a customer of a bank. He updated his contact information through the bank’s online banking service. When inputting his new contact information on the personal data update webpage, he was asked whether he “does not accept the use of customer’s personal data for direct marketing by the bank”. The complainant believed that as he had previously made a written opt-out request to the bank, he did not need to tick the box to confirm his non-consent to the use of his personal data for direct marketing by the bank.

As the complainant had not ticked the above-mentioned box, the bank considered that he had cancelled his previous opt-out request and treated him as a customer who consented to the use of his personal data for direct marketing. Subsequently, the bank made a direct marketing call to the complainant. The complainant then complained to the PCPD that the bank did not comply with his opt-out request.

Outcome

The PCPD reiterated to the bank that the complainant did not consent to the use of his personal data for direct marketing by the bank, and the bank confirmed that no further direct marketing messages would be sent to the complainant. Additionally, the PCPD urged the bank to review its personal data update webpage to ensure that customers are provided with a clear and genuine choice regarding the use of their personal data for direct marketing.

The bank acknowledged the need for fair and transparent handling of customers’ opt-out requests. Consequently, the bank improved the personal data update webpage by changing the wording of the box from “do not accept the use of customer’s personal data for direct marketing by the bank” to “accept the use of customer’s personal data for direct marketing by the bank”. If customers do not tick the box indicating acceptance, the bank will not use their personal data for direct marketing.

Lessons Learnt

Under the PDPO, a data subject’s “consent” to the use of his personal data for direct marketing by data users can include the data subject’s “indication of no objection”. However, for the “indication of no objection” to be valid, the data subject must expressly indicate that he does not object to the use of his personal data for direct marketing by data users. In other words, if a customer has previously made an opt-out request to the bank, even if the bank re-asks him if he would accept direct marketing and he does not respond, the bank cannot recklessly assume that he has “consented” to the use of his personal data for direct marketing, or he wishes to cancel his previous opt-out request.

When collecting customers’ personal data or allowing them to make an opt-in or opt-out choices online or through applications, organisations should adopt the Privacy by Design approach. This ensures that organisations collect and use customers’ personal data for direct marketing only when customers are clearly informed and their genuine consent is obtained. By doing so, organisations not only win trust from customers, but also enhance their professional images in the industry while improving the effectiveness of direct marketing.

TECH TALK

Privacy Protection in the Era of Smart Living

Entering the era of smart living, smart home technology is becoming increasingly popular, offering homeowners a more advanced and automated environment. A smart home allows for remote control of smart appliances and devices, such as surveillance cameras, video doorbells and smart thermostats, through smartphones, tablets or even virtual assistants via an internet connection. There is no doubt that smart homes have simplified everyday tasks and increased homeowners’ convenience. However, being part of the Internet of Things (IoT), smart homes also bring cybersecurity risks, potentially compromising the privacy of homeowner’ personal data stored in IoT devices.

Here are some security tips to protect personal data privacy when living in a smart home:

• Buy IoT devices from reputable suppliers that prioritise cybersecurity and offer enhanced privacy features;

   

• Choose products with security functions that support encrypted data transmission and allow for changing default password during the initial setup stage;

   

• Use a strong and unique password with at least 8 characters containing uppercase letters, numbers and special characters, or consider implementing two-factor authentication;

   

• Install comprehensive security software and regularly update the firmware and software of IoT devices to address security vulnerabilities;

   

• Monitor and review network activities of IoT devices regularly and disconnect any devices that are deemed unsafe;

   

• Choose products that suit your needs and configure your devices properly, such as disabling unnecessary functions; and
  
  

• Before disposing of IoT devices, securely erase all sensitive data stored on them.

WHAT’S ON

Reaching Out to the Community – Privacy Commissioner Interviewed by Now News’ “News Magazine” to Discuss Data Scraping from Social Media Platforms

Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed by Now News’ “News Magazine” on 28 August to explain the joint statement issued by the PCPD and eleven privacy or data protection authorities to social media platforms regarding data scraping from such platforms.

During the interview, the Privacy Commissioner pointed out that the protection of personal data privacy on social media platforms is a global issue, and the joint statement reminded the operators of social media platforms of their responsibilities to implement multi-layered controls to protect the personal data of users of such platforms.

The Privacy Commissioner also reminded users to think twice before uploading their personal data to social media platforms, as online platforms are tantamount to an open sea and it would be very difficult for users to completely remove any posted data.

Please click here (first part, second part) to view the interview by Now News’ “News Magazine” (Chinese only).

Reaching Out to the Community – Privacy Commissioner Interviewed by the Media to Explain the Pamphlet on “Sharenting Dos and Don’ts”

Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed by RTHK Radio 1’s “HK2000”, Commercial Radio 1’s “On a Clear Day” on 4 August and RTHK Radio 1’s “Hong Kong Today” on 5 August to explain the pamphlet entitled “Sharenting Dos and Don’ts” (Pamphlet) issued by the PCPD.

During the interviews, the Privacy Commissioner pointed out that as parents are more likely to share their children’s daily lives on social media during the summer vacation, the Pamphlet aims to provides some tips for parents before they publish any post about their children online.

In the programmes, the Privacy Commissioner quoted a report issued by the United Nations Human Rights Council in July 2021, which revealed that 80% of children living in developed Western countries had left digital footprint before they were two years old. She also cited a case in the United States in which a couple uploaded their children’s daily routines on the internet, which eventually led to intervention by law enforcement agencies. She reminded the public that personal data could not be easily removed once they were uploaded on the internet, and that parents should think twice before “sharenting” as over-sharing of children’s daily lives online might lead to bullying behaviour among students and might affect their children’s future education or work prospects.

Please click here to listen to the interview by RTHK Radio 1’s “HK2000” (Chinese only).

Please click here to listen to the interview by RTHK Radio 1’s “Hong Kong Today” (from 1”04”14 to 1”10”14) (Chinese only).

Reaching Out to the Community – Legal Counsel of the PCPD Interviewed by RTHK Radio 3’s “Backchat” to Explain the Pamphlet on “Sharenting Dos and Don’ts”

Legal Counsel of the PCPD Ms Joyce LIU was interviewed by RTHK Radio 3’s “Backchat” on 24 August to explain the pamphlet entitled “Sharenting Dos and Don’ts” (Pamphlet) issued by the PCPD.

During the interview, Ms Liu said that the PCPD noted that “sharenting” had become a phenomenon in Hong Kong. Some parents open fan pages for their children on social media platforms and share their daily lives. In light of this, the PCPD issued the Pamphlet to remind parents to avoid oversharing and note the importance of protecting their children’s personal data privacy.

Reaching Out to the Community – Representatives of the PCPD Interviewed by the Media

Representatives of the PCPD were interviewed by RTHK Radio 1’s “Open Line Open View” and Now News’ “News Magazine” on 10 August.

During the interview on RTHK Radio 1’s “Open Line Open View”, Assistant Privacy Commissioner (Complaints and Criminal Investigation) Mr Billy KWAN explained the definition of “personal data” under the PDPO. Regarding the handling of unlawful publication of intimate images, he said that depending on the circumstances, the PCPD would request the platforms concerned to remove the intimate images in question after reviewing the cases.

During the interview on Now News’ “News Magazine”, Senior Legal Counsel Ms Hermina NG said that the PCPD noted the recent news report on the publication of intimate images without consent. The PCPD had taken the initiative to contact the relevant organisation to offer assistance, and would carry out online patrols and follow up the matter. She also explained the pamphlet entitled “Sharenting Dos and Don’ts” issued by the PCPD, and provided tips for parents on the publication of posts about their children on social media platforms.

Please click here to listen to the interview by RTHK Radio 1’s “Open Line Open View” (Chinese only).

Please click here (first part, second part) to listen to the interview by Now News’ “News Magazine” (Chinese only).

PCPD Issues Updated Guidance on Election Activities for Candidates, Government Departments, Public Opinion Research Organisations and Members of the Public

In light of the upcoming District Council election to be held in December 2023, the PCPD updated the “Guidance on Election Activities for Candidates, Government Departments, Public Opinion Research Organisations and Members of the Public” (the Guidance) to provide guidance to candidates, their affiliated political bodies, government departments responsible for organising the elections and public opinion research organisations on complying with the requirements under the PDPO in the context of election activities, and to provide members of the public with advice on the protection of their personal data in elections.

The main revisions concern the new criminal doxxing provisions under sections 64(3A) and (3C) of the PDPO, which are applicable to the personal data of electors retained in the registers of electors (please see paragraph 3.10 of the Guidance for details).
 
Please click here to download the updated “Guidance on Election Activities for Candidates, Government Departments, Public Opinion Research Organisations and Members of the Public”.

MEDIA STATEMENT

A 36-year-old Chinese Male Arrested for Doxxing his Friend

The PCPD arrested a Chinese male aged 36 on Hong Kong Island on 29 August. The arrested person was suspected to have disclosed the personal data of a friend of him without her consent, in contravention of section 64(3A) of the PDPO.
 
The PCPD’s investigation revealed that the victim and the arrested person were friends. In July 2022, three messages containing the personal data of the victim were posted in an open discussion group of a social media platform, alongside some negative comments on the victim. The personal data disclosed included the victim’s Chinese name, English surname, alias, age, mobile phone number, names of residential estate and building, name of secondary school, name of her former employer, her previous jobs and a screen shot of the victim’s profile on a social media platform depicting her face.
 
The PCPD reminds members of the public that they should not dox others because of personal disputes. Doxxing is not a means to resolve disputes as it would only escalate conflict. Moreover, doxxing is a serious offence and the offender is liable on conviction to a fine up to $1,000,000 and imprisonment for five years.
  

Relevant Provisions under the PDPO
 
Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject – 

1. with an intent to cause any specified harm to the data subject or any family member of the data subject; or
2. being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject

A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for two years.

Pursuant to section 64(3C) of the PDPO, a person commits an offence if – 

1. the person discloses any personal data of a data subject without the relevant consent of the data subject – 

   1. with an intent to cause any specified harm to the data subject or any family member of the data subject; or

   2. being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject; and

2. the disclosure causes any specified harm to the data subject or any family member of the data subject. 

A person who commits an offence under section 64(3C) is liable on conviction on indictment to a fine of $1,000,000 and imprisonment for five years.

According to section 64(6) of the PDPO, specified harm in relation to a person means –

1. harassment, molestation, pestering, threat or intimidation to the person;
2. bodily harm or psychological harm to the person;
3. harm causing the person reasonably to be concerned for the person’s safety or well-being; or
4. damage to the property of the person.

A 28-year-old Chinese Female Arrested for Suspected Doxxing Offence Relating to Emotional Entanglements

The PCPD arrested a Chinese female aged 28 in the New Territories on 10 August. The arrested person was suspected to have disclosed the personal data of her ex-boyfriend without his consent, in contravention of section 64(3A) of the PDPO.
 
The PCPD’s investigation revealed that the victim and the arrested person had had a close relationship. In around mid-2022, the arrested person contacted the victim to harass him and demanded compensation from him but the victim refused her demand. In April 2023, a total of 14 messages containing the personal data of the victim were posted in an open discussion group and in a personal account on a social media platform, alongside some negative comments on the victim. The personal data disclosed included the victim’s Chinese name, English name, photos, names of his secondary school, university and faculty, as well as the name of the company in which he worked.
 
The PCPD reminds members of the public that they should not dox others because of personal disputes. Doxxing is not a means to resolve disputes as it would only escalate conflict. Moreover, doxxing is a serious offence and the offender is liable on conviction to a fine up to $1,000,000 and imprisonment for five years.

Think Twice before “Sharenting” – PCPD Publishes a Pamphlet on Sharenting Dos and Don’ts

Amidst the summer vacation and the popularity for parents to share their children’s daily lives on social media platforms (also known as “sharenting”, a portmanteau  of “sharing” and “parenting”), the PCPD published a pamphlet entitled “Sharenting Dos and Don’ts” on 3 August, which provides some tips for parents before they publish any post about their children online.

The Pamphlet highlights the following tips for parents:

Dos

• Beware of the details of disclosure; 
• Communicate – seek agreement;
• Double check your privacy settings; and
• Think about the future.

Don’ts

• Don’t overlook your children’s privacy;
• Don’t live for the “likes”;
• Don’t overshare; and
• Don’t post photos of other children without permission from their parents.

Please click here to download the Pamphlet.

MAINLAND CORNER

Highlights of the “Interim Measures for the Management of Generative Artificial Intelligence Services”
《生成式人工智能服務管理暫行辦法》的重點

To promote the healthy and holistic development of generative artificial intelligence technology and to regulate its application in the Mainland, the Cyberspace Administration of China (CAC) along with six other government authorities, issued the finalised version of the Interim Measures for the Management of Generative Artificial Intelligence Services (the Interim Measures) on 13 July 2023. The draft of the Interim Measures was previously released on 11 April 2023 by the CAC for public consultation (see our column in April 2023). Following the end of the consultation period on 10 May 2023, the Interim Measures now came into effect on 15 August 2023. This article provides an overview of the Interim Measures. 

為促進生成式人工智能技術的健康發展和規範其應用，國家互聯網信息辦公室 (網信辦)連同六個不同國家部門於2023年7月13日發布《生成式人工智能服務管理暫行辦法》 (《辦法》)¹。《辦法》的《徵求意見稿》早於2023年4月11日發布 (可參考本欄2023年4月的文章)，而有關意見反饋期限已於2023年5月10日完結。《辦法》已於2023年8月15日開始實施，重點如下：

規管對象及定義

《辦法》適用於在境內利用生成式人工智能技術，向境內公眾提供生成文本、圖片、音頻、視頻等内容的服務²。《辦法》亦就以下用語作出明確定義³：

• 生成式人工智能技術：指具有文本、圖片、音頻、視頻等內容生成能力的模型及相關技術。
• 生成式人工智能服務提供者（提供者）：指利用生成式人工智能技術提供生成式人工智能服務（包括通過提供可編程接口等方式提供生成式人工智能服務）的組織、個人。
• 生成式人工智能服務使用者（使用者）：指使用生成式人工智能服務生成內容的組織、個人。

《辦法》的重點内容

提供者的責任

《辦法》提及提供和使用生成式人工智能服務的都應當遵守國内法律法規的要求，在尊重社會公德和倫理道德的大原則下謹遵規定⁴，當中提供者的責任包括：

• 依法開展預訓練、優化訓練等訓練數據處理活動⁵；
• 在生成式人工智能技術研發過程中進行數據標注的提供者應當制定符合《辦法》要求的清晰、具體、可操作的標注規則；開展數據標注質量評估，抽樣核驗標注內容的準確性，並對標注人員進行必要培訓，提升尊法守法意識，監督指導標註人員規範開展標註工作⁶；
• 與註冊其服務的使用者簽訂服務協議，明確雙方權利義務⁷；
• 明確並公開其服務的適用人群、場合、用途，指導使用者科學理性認識和依法使用生成式人工智能技術，並採取有效措施防範未成年人用戶過度依賴或沉迷生成式人工智能服務⁸；
• 對使用者的輸入信息和使用記錄應當依法履行保護義務⁹，並依法及時受理和處理個人關於查閱、複製、更正、補充、刪除其個人信息等的請求¹⁰；
• 按照《互聯網信息服務深度合成管理規定》對圖片、視頻等生成內容進行標識¹¹；
• 如發現使用者利用生成式人工智能服務從事違法活動的，應當依法依約採取警示、限制功能、暫停或者終止向其提供服務等處置措施，保存有關記錄，並向有關主管部門報告¹²；
• 提供具有輿論屬性或者社會動員能力的生成式人工智能服務的，應當按照國家有關規定開展安全評估，並按照《互聯網信息服務算法推薦管理規定》履行算法備案和變更、注銷備案手續¹³。

法律責任

另外，網信部門和國家有關主管部門若發現提供者違反《辦法》的規定，將可按照《數據安全法》、《網絡安全法》、《個人信息保護法》和《科學技術進步法》等法律、行政法規予以處罰。法律、行政法規沒有規定的，有關主管部門可依據職責給予警告、通報批評，責令限期改正；拒不改正或情節嚴重的，則可責令暫停提供其生成式人工智能服務。構成違反治安管理行為的，將依法給予治安管理處罰；構成犯罪的，將依法追究刑事責任¹⁴。

總結

總括而言，《辦法》明確了促進生成式人工智能技術發展的具體措施，透過進一步規範數據處理等活動，落實國家重視通用人工智能健康發展和營造創新生態的精神¹⁵。在實行包容審慎和分類分級的監管前提下，《辦法》較《徵求意見稿》提供了更為清晰的落地指引和要求。有關服務提供者和使用者宜細閲最新規則，參照《辦法》制定合規制度和流程。

¹ 全文：http://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm

² 第2條 – 行業組織、企業、教育和科研機構、公共文化機構、有關專業機構等研發、應用生成式人工智能技術，未向境內公眾提供生成式人工智能服務的，不適用《辦法》的規定。

³ 第22 條

⁴ 第4條

⁵ 第7條 – 例如：使用具有合法來源的數據和基礎模型，采取有效措施提高訓練數據質量，增強訓練數據的真實性、準確性、客觀性、多樣性等。

⁶ 第8條

⁷ 第9條

⁸ 第10條

⁹ 包括不得收集非必要個人信息，不得非法留存能夠識別使用者身份的輸入信息和使用記錄和不得非法向他人提供使用者的輸入信息和使用記錄。

¹⁰ 第11條

¹¹ 第12條

¹² 第14條

¹³ 第17條

¹⁴ 第21條 

¹⁵ https://www.gov.cn/zhengce/202307/content_6892001.htm

RECOMMENDED TRAININGS

Professional Workshop on Data Protection in Banking / Financial Services

With the rapid development and extensive use of fintech in recent years, practitioners of the banking and financial industry may face different data privacy issues in their business operations. To prepare for the new challenges, industry practitioners should have a clear understanding of the requirements under the PDPO. This workshop examines the risks of handling personal data in the daily operations of banking and financial services organisations, and provides practical advice on how to deal with these issues effectively.

Date: 6 September 2023 (Wednesday)

Time: 2:15pm – 5:15pm

Fee: $750/$600*

(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who Should Attend: Data protection officers, compliance officers, company secretaries, solicitors, advisers and other personnel undertaking work relating to the banking/financial industry.

Professional Workshop on Data Protection in Direct Marketing Activities

Organisations often use customers’ personal data to conduct direct marketing activities to promote products or services. These activities are governed by the PDPO. In order to protect customers’ personal data privacy, organisations have the responsibility to ensure that their employees clearly understand and comply with the provisions on direct marketing under the PDPO. This also helps organisations maintain a positive reputation and demonstrate their corporate social responsibility.

This workshop will explain in detail the requirements of the direct marketing provisions under the PDPO and provide participants with practical guidance on compliance and share conviction cases relating to direct marketing, aiming to help participants understand how to properly use customers’ personal data in direct marketing activities. 

Date: 13 September 2023 (Wednesday)

Time: 2:15pm – 5:15pm

Fee: $750/$600*

(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who should attend: Data protection officers, compliance officers, company secretaries, administration managers, IT managers, solicitors, database managers and marketing professionals.

Professional Workshop on Data Protection in Human Resource Management

Proper, lawful and smart management of employees’ personal data is an indispensable quality of a good human resource management professional. Since job applicants, current and former employees may request access to their personal data kept by organisations from time to time, employers or human resource management professionals have to ensure compliance with the requirements of the PDPO when they collect and handle data of their employees. On the other hand, employers should meet public expectations to constantly protect and respect their employees’ personal data privacy. This workshop enables participants to learn how to handle different scenarios and strengthen their knowledge of data protection in human resource management.

Date: 27 September 2023 (Wednesday)

Time: 2:15pm – 5:15pm

Fee: $750/$600*

(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who should attend: Human resource officers, data protection officers, compliance officers, solicitors, administration managers, recruitment agents.

Other Professional Workshops on Data Protection from October to December 2023:

Online Free Seminar – Introduction to the PDPO Seminar

The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming session shows below:

Seminar Outline:

• A general introduction to the PDPO;
• The six Data Protection Principles;
• Offences and compensation;
• Direct marketing; and
• Q&A session. 

Arrange an In-house Seminar for Your Organisation 

Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.

The seminar outline is as follows:

• A general introduction to the PDPO;
• The six Data Protection Principles (industry-related cases will be illustrated);
• Handling of data breach incidents;
• Direct marketing;
• Offences and compensation; and
• Q&A session.

Duration: 1.5 hours

Renewal of DPOC’s Membership

Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!

Special offer for organisational renewals:

Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$350).

Renew your membership now to keep up-to-date with the latest news and legal developments!

SUPPORTING EVENT

PCPD Supports the Hong Kong Volunteer Award 2023

The PCPD is delighted to be one of the supporting organisations of the Hong Kong Volunteer Award, co-organised by the Home and Youth Affairs Bureau and the Agency for Volunteer Service, which is dedicated to recognising the contributions and achievements of outstanding volunteers and teams, young people, corporations, organisations from various sectors, cross-sectoral partnership projects, estates, and schools.

For more details, please click here.

SUGGESTION BOX

The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.

Contact Us

Address: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong

Tel: 2827 2827

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
 

Copyright

Disclaimer

The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.

The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.

If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.