|
|
|
|
Privacy Commissioner Mr Stephen Wong
delivered the Opening Address entitled "Privacy Implications for
the Use of Data Analytics" at the Information Security Summit 2017
(15 August 2017)
|
|
|
|
|
Privacy Commissioner Mr Stephen Wong
delivered a presentation at the Hong Kong Airlines Business Leader
Forum entitled "Privacy Protection as a Key to Business Success" (8
August 2017)
|
|
|
|
|
|
|
Professional Workshops on Data
Protection
Limited seats available for Sep
courses!
These professional workshops are tailored to the
needs of those people wishing to deepen their knowledge of data
protection. Key features include:
- Analysis of each data protection
principle with relevant real-life scenarios
- Codes of Practice and Guidelines
- Updated guidance notes from the
PCPD
- Lessons learnt from real cases
- Recommended good practices
|
|
|
|
|
PCPD's
New Publication《注意!
這是我的個人資料私隱》(Watch
out! This is my personal data privacy) and "Personal Data (Privacy)
Law in Hong Kong - A Practical Guide on
Compliance
|
|
|
|
|
|
|
Guidance on CCTV Surveillance and Use of
Drones
The Guidance provides recommendations to data
users on using CCTV and drones from the perspective of protecting
personal data privacy.
|
|
|
|
|
|
A councillor's office making
publicity calls: should not use the contact information of citizens
seeking assistance for election publicity
purpose
The Complaint
The Complainant sought assistance from the regional office ("the
Office") of a councillor ("the Councillor")
concerning a cut in his government disability allowance, and
provided his name and telephone number ("the Data") to the Office
for handling of the case. Later, the Complainant received a call
from the political party to which the Councillor belonged, inviting
him to vote for a District Council Election candidate of that
political party (who was also an assistant of the Councillor) ("the
Candidate"). The Complainant filed a complaint with the PCPD
accusing the Candidate of using the Data for electioneering
purposes without the Complainant's consent.
In response to the PCPD's enquiry, the Candidate
admitted that his electioneering volunteer had contacted those
citizens who had connection with the Office (including the
Complainant) for District Council Election publicity purposes, and
that the Office had only verbally informed the Complainant that his
personal data would be used for "information transmission" purposes
when his data were originally collected.
|
|
|
|
|
Outcome
Generally
speaking, when people seeking assistance from a councillor's office
provide their personal data for handling their complaints or
requests, the data should not be used for election publicity
programmes conducted by the office staff. Hence, the use of the
Data for election publicity purposes by the Candidate was beyond
the original purpose of collection of the same.
Following the recommendations of the
Privacy Commissioner, the Candidate undertook that when
collecting citizens’ personal data, the Office would provide
them with a Personal Information Collection Statement ("PICS")
stating the use of the data and would supervise its volunteers to
ensure that they would not use the personal data for purposes
unrelated to those stated in the PICS without the prescribed
consent of the citizens.
|
|
|
|
|
|
|
|
Q: When dealing with cloud providers that offer only
standard services and contracts, you should
…
A. accept these as these are the services
which most companies are using
B. leave the cloud providers to propose the service
package
C. carefully evaluate whether the services and the contracts meet
all security and personal data privacy protection standards you
required
The correct answer is C. As both the cloud
computing technology and the market are evolving and maturing, not
all cloud providers may address the privacy issues effectively.
Your organisation should exercise due care and diligence to explore
the most suitable ways to comply with the Personal
Data (Privacy) Ordinance ("the Ordinance") having regard to
the characteristics and functions of cloud computing.
|
|
|
Q: If your organisation outsources
personal data processing work (e.g. engages a business services
company to administer your employee payroll function), which of the
following statement is correct?
|
|
|
A. You are not liable for the act done by your
contractor
B. You should adopt contractual or other means to prevent the
contractor from keeping the transferred data longer than is
necessary and to prevent data leakage
C. You should go with the lowest bidder. The track record on data
protection is not of priority.
The correct answer is B. Your organisation
should enter into a contract with your contractors and impose type
of obligations (e.g. security measures) or through other means
(e.g. select reputable contractor with good track record on data
protection) to ensure the contractors comply with the Ordinance.
Your organisation is liable as the principal for any act done by
your authorised contractors.
Extended
Reading:
Outsourcing the Processing of Personal Data to
Data Processors
|
|
|
|
|
|
Know Your Website
Cookies
Check with your browser
on how to configure the various cookie
settings.
|
PCPD’s Corporate
Video
With public
education as one of the PCPD’s priorities, this video is
developed to raise public awareness of personal data protection and
to highlight the work of the PCPD.
|
Industry-specific
Resources
A number of compliance assistance and good
practice resources are developed for specific
industries.
|
|
|
|
For enquiry, please contact us.
Address: 12/F, Sunlight Tower, 248 Queen's Road East, Wan Chai,
Hong
Kong
Tel: (852) 2877 7171
You are receiving our e-Newsletters because you are a
current member of the DPOC and it is one of the membership
privileges that we provide. If you do not wish to receive them,
please click here to unsubscribe.
|
|
|