
DPOC e-Newsletter


“Trust, Respect and Ethics in Managing Data are Crucial in Building a Better Future for Digital Economy” - Privacy Commissioner Delivers Keynote Speech at the GSMA Mobile World Congress in Barcelona, Spain (7 March 2018)

Read Media Statement
 

DPOC has always been an effective platform where members can share good practices and learn from each other. We cordially invite members to share your strategies and practices in data protection by contributing articles and/or photos of your successful campaigns to us. Please click “Share with us” to let us know your good practice!

Share with us!

Professional Workshop on Privacy Management Programme (20 March 2017)  

The results of a recent incident of massive data breach by a government department revealed that it is of paramount importance for organisations to adopt a holistic and encompassing Privacy Management Programme (PMP) that ensures robust privacy policies and procedures are in place.

This workshop will highlight the key features of “Privacy Management Programme – A Best Practice Guide”. Participants will be able to understand the baseline fundamentals and components of a PMP and how to maintain and improve it on an ongoing basis.

Enrol Now!

Physical Tracking and Monitoring Through Electronic Devices

The leaflet addresses the personal data privacy concerns arising from tracking and monitoring through electronic devices, and provides best practice recommendations on Privacy Impact Assessment.

Read Information Leaflet

Are you ready for the implementation of European Union General Data Protection Regulation?

To help organisations understand the standards of the European Union (EU) General Data Protection Regulation (GDPR), which will come into effect in May 2018, and its possible impact on their operations, the PCPD will organise, or co-organise with third parties, education and promotion activities on the EU GDPR. Please complete and send the opt-in form to us to receive information on these activities.

Download Opt-in Form

A school refused data access requests made by two teachers without carefully considering whether the exemptions of sections 58(1)(d), (e) and (f) were applicable.

The Complaint

Two Complainants, who were teachers at the school concerned, made data access requests ("the DARs") to the school for their personal data contained in documents in relation to disciplinary action carried out by the school against them. The DARs were refused by the school on the ground that the requested data was exempt under sections 58(1)(d), (e) and (f) of the Ordinance. The Complainants were dissatisfied with the school’s replies and lodged complaints with the PCPD against the school.

During the course of the investigation, the school submitted that provision of the concerned documents would reveal the identities of the students and teachers who had complained against the Complainants and that complying with the DARs would prejudice the purpose of rectifying the improper conduct and the monitoring of the behaviour of the Complainants. The school thus invoked section 58(1)(d) of the Ordinance to refuse to comply with the DARs. The school further submitted that the disclosure of the concerned documents to the Complainants would result in significant loss to the school within the terms of section 58(1)(e) of the Ordinance, that the morale of the teaching staff would be adversely affected, and that the school might be subject to litigation/legal action by the parties whose identities were thereby revealed. The school also relied on section 58(1)(f) of the Ordinance that the concerned documents were held to ascertain whether the misconduct of the Complainants was likely to have a significant adverse impact on the school in the exercise of its management functions.

Outcome

The Privacy Commissioner took the view that, in respect of the applicability of section 58(1)(d) of the Ordinance, the behaviour of the Complainants did not amount to "serious improper conduct", as the disciplinary action taken against them was merely a warning.

Furthermore, the school only speculated about "significant financial loss". The Privacy Commissioner considered that the potential "loss" asserted was too remote and did not satisfy the requirement of section 58(1)(e) of the Ordinance. Likewise, as the school had failed to prove how the misconduct of two individual teaching staff would have a significant adverse impact on the school’s management functions, the Privacy Commissioner dismissed the ground for exemption under section 58(1)(f) of the Ordinance. Hence, the Privacy Commissioner concluded that the school had failed to fulfil the statutory requirements of section 19(1) of the Ordinance.

An enforcement notice was served on the school directing it to comply with the DARs and devise guidelines for handling DARs for its staff to follow. The school agreed with the direction given by the Privacy Commissioner and complied with the enforcement notice accordingly.

Extended Reading:

Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users

Reference

Q: What is PMP?

A: PMP serves as a strategic framework to assist an organisation in building a robust privacy infrastructure supported by an effective on-going review and monitoring process to facilitate compliance with the requirements under the Ordinance. It also demonstrates the organisation’s commitment to good corporate governance and building trust with its employees and customers through open and transparent information policies and practices.

Q: What are the benefits of implementing a PMP?

A: The benefits are:

  • It provides an effective way for organisations to assure themselves of compliance.
  • It helps foster a privacy respectful culture throughout an organisation.
  • It is conducive to building trustful relationships with customers, employees, shareholders and regulators.
  • An organisation that has a strong privacy management programme may enjoy an enhanced reputation that gives it a competitive edge.

Q: What are the Programme Controls under PMP?

A: The Programme Controls are:

  • Personal Data Inventory
  • Policies
  • Risk Assessment Tools
  • Training & Education Requirements
  • Breach Handling
  • Data Processor Management
  • Communication

Extended Reading:
Privacy Management Programme: A Best Practice Guide

Tips on Log-in Information

Understand what precautions to take to protect your user name and password.

 

PCPD YouTube Channel


You can find a series of educational videos here promoting awareness of data privacy protection.

 

Response to Media Enquiry or Report

You can visit our website to view the PCPD’s response to enquiries on the latest privacy-related issues.


For enquiry, please contact us.
Address: 12/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong            Tel: (852) 2877 7171
