
DPOC e-Newsletter

                                    


RTHK Programme "Talkabout" - Interview with Privacy Commissioner Mr Stephen Wong: The Work of PCPD in 2017 (15 February 2018)

 

DPOC has always been an effective platform where members can share good practices and learn from each other. We cordially invite members to share your strategies and practices in data protection by contributing articles and/or photos of your successful campaigns to us. Please click “Share with us” to let us know your good practice!

Share with us!

Professional Workshop on Privacy Management Programme (20 March 2017)

The results of a recent incident of massive data breach by a government department revealed that it is of paramount importance for organisations to adopt a holistic and encompassing Privacy Management Programme (PMP) that ensures robust privacy policies and procedures are in place.

This workshop will highlight the key features of “Privacy Management Programme – A Best Practice Guide”. Participants will be able to understand the baseline fundamentals and components of a PMP and how to maintain and improve it on an ongoing basis.

Enrol Now!
 

Professional Workshops on Data Protection in Insurance (26 March 2018)

Insurance practitioners handle a large amount of customers' personal data in their daily work. It is essential that they understand and comply with the requirements under the Personal Data (Privacy) Ordinance (the Ordinance) which apply to them in their capacities as the data users in the handling of personal data.

The workshop is designed for insurance practitioners who wish to acquire the knowledge to protect customers' personal data in providing insurance services to the public. During the workshop, core concepts of practical data protection compliance illustrated by specific scenarios will be examined to highlight potential problems and their resolution in relation to the handling of personal data in different aspects of insurance work.

Enrol Now!

Revised “Guidance for Mobile Service Operators”

Mobile service operators handle an enormous amount of customers’ personal information. This revised guidance sets out some illustrations and good practices for compliance with the Ordinance.

 

Read Guidance Note

Are you ready for the implementation of European Union General Data Protection Regulation?

To help organisations understand the standards of the European Union (EU) General Data Protection Regulation (GDPR), which will come into effect in May 2018, and its possible impact on their operations, the PCPD will organise, or co-organise with third parties, education and promotion activities on the EU GDPR. Please complete and send the opt-in form to us to receive information on these activities.

Download Opt-in Form

Data Protection Principle 3 - Whether the upload of the images to an online public platform is directly related to the purpose of collection

Question from Enquirer

The enquirer considered the services provided by the property management company to her residence substandard. For the purposes of lodging a complaint about this with the company as well as notifying other residents of her views, the enquirer proposed to take pictures and video clips of the staff member who was the subject of her complaint, and thereafter, possibly upload the pictures and video clips to an online public platform.

PCPD’s reply

The concerns relevant to this case are:

a. whether the images are "personal data" governed by the Ordinance (s.2(1) of the Ordinance);
b. if so, whether the collection of the images is necessary and fair (Data Protection Principle (DPP) 1(1) and DPP1(2) of the Ordinance); and
c. whether the upload of the images is directly related to the purpose of collection (DPP3 of the Ordinance).

Uploading the images online would not appear to be directly related to the original purpose of collection, i.e. lodging a complaint with the property management company and notifying other residents. Residents are encouraged to contact the appropriate entities, i.e. the Incorporated Owners and/or the property management company, to resolve the matter pragmatically.

Reference

Q: What is a data breach?

A: A data breach is generally taken to be a suspected breach of data security of personal data held by a data user, exposing the data to the risk of unauthorised or accidental access, processing, erasure, loss or use. It may amount to a contravention of DPP4 – security of personal data of the Ordinance.

Q: How should a data breach be handled?

A: A data user shall take remedial actions to lessen the harm or damage that may be caused to the data subjects in a data breach. The following action plan is recommended for a data user's consideration:

Step 1. Immediate gathering of essential information relating to the breach
Step 2. Contacting the interested parties and adopting containment measures
Step 3. Assessing the potential harm
Step 4. Considering the giving of data breach notification

Q: What is a data breach notification?

A: A data breach notification is a formal notification given by the data user to the data subjects affected and the relevant parties and regulators in a data breach, and is useful in:

  • drawing the affected data subjects' attention to take proactive steps or measures to mitigate the potential harm or damage, for example, to protect their physical safety, reputation or financial position 
  • allowing the relevant authorities to undertake appropriate investigative or follow up actions consequent to the breach
  • showing the data user’s commitment to proper privacy management in adhering to the principles of transparency and accountability
  • increasing public awareness, for example, in situations when public health or security is affected by the data breaches

Extended Reading:
Guidance on Data Breach Handling and the Giving of Breach Notifications

Doing Business Online


How can you make sure your organisation complies with the Data Protection Principles of the Ordinance while doing business online?

 

Online Assessment Tool – Retail

How should the retail industry protect personal data privacy? Start testing yourself now!

 

Complaint Case Notes


A summary of the outcome of selected complaints is provided in this section. The information offers guidance to individuals and organisations on the application of the Ordinance in a variety of situations.


For enquiry, please contact us.
Address: 12/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong
Tel: (852) 2877 7171
