
DPOC e-Newsletter


Privacy Commissioner Mr Stephen Wong attended "Access to Justice Innotech Law Hackathon" Post-Competition Workshop organised by The Law Society of Hong Kong (21 June 2018)

Privacy Commissioner Mr Stephen Wong attended "Access to Justice (A2J) Innotech Law Hackathon" Post-Competition Workshop.

The Hackathon was the first A2J-focused legaltech event in Asia. The competition brought together talents to collaborate and develop innovative technology-enabled solutions in a cross-disciplinary approach, aiming to address issues in community justice and access to legal services faced by the general public, legal service providers and community service organisations in Hong Kong. Mr Wong supported the Hackathon by attending both its opening ceremony in April and the Post-Competition Workshop in June, offering guidance on related data privacy protection to the participants.

 

Privacy Commissioner Mr Stephen Wong delivered a presentation for the 12th Advanced Programme for Chinese Senior Judges organised by the Centre for Judicial Education and Research of the City University of Hong Kong titled "Personal Data Protection in Hong Kong: the law and the system" (8 June 2018)


Police body fined for revealing identities of abuse victims in bulk email

Gloucestershire Police has been fined £80,000 by the UK Information Commissioner's Office (ICO) after sending a bulk email that identified victims of child abuse.

 

ICO responds to publication of audit into Deep Mind

In July 2017, the ICO ruled the Trust failed to comply with the Data Protection Act when it provided patient details to Google DeepMind, an app designed to help patients with kidney injury.


Introduction to the Personal Data (Privacy) Ordinance Seminar
Jul - Dec 2018 seminars are now open for enrolment!

To raise public awareness and understanding of the Personal Data (Privacy) Ordinance (the Ordinance), the PCPD organises introductory seminars on the Ordinance twice a month.

Outlines:

- A general introduction to the Ordinance
- The six data protection principles
- Direct Marketing
- Offences & Compensation


Bring Your Own Device (BYOD)

This information leaflet highlights the personal data privacy risks that an organisation needs to be aware of when it develops a BYOD policy. It also suggests best practices for allowing employees to use BYOD equipment to access and work with corporate systems that contain personal data.


Data Protection Principle 6 – Access to Personal Data

Non-compliance with data access request.

The Complaint

An ex-employee of a statutory body (the organisation) made a data access request (the DAR) to the organisation for a copy of his personal data relating to his employment. Since the requestor had not received any response from the organisation several months after submitting his DAR, he contacted a staff member of the organisation. Although the staff member clearly confirmed to the requestor that the requested data were ready for dispatch, the requestor was subsequently informed that all of the requested data had already been destroyed.

Outcome

1. Reasoning

During the enquiry stage of this complaint, the organisation insisted that the requested data had already been destroyed. However, the organisation was unable to provide any substantial evidence to support its version. After the PCPD had carried out an investigation, the organisation suddenly claimed to have discovered the requested data, but gave varying reasons at different times to justify its failure to comply with the DAR.

Section 19(1) of the Ordinance requires the data user to comply with a data access request not later than 40 days after receiving the request.

Having regard to the circumstances of the case, in particular the development of the case and the trustworthiness of the statements provided by the organisation's staff concerned, the PCPD had reasonable grounds to believe that the organisation might in fact have been withholding the requested data at all material times after it received the DAR. Though the organisation subsequently provided the requestor with a copy of the requested data, the PCPD ruled that the organisation had contravened section 19(1) of the Ordinance, as the requested data were supplied to the requestor far beyond the 40-day statutory requirement.

2. Action by the PCPD

Since the organisation subsequently provided the requested data to the requestor, serving an enforcement notice under section 50 of the Ordinance was unnecessary in the circumstances of the case. Nevertheless, the organisation was seriously warned and reminded to comply with the relevant requirements of the Ordinance when handling data access requests in future.

Reference

Q: What is online tracking?

A: Website operators/owners often collect information regarding their users' online interaction with the websites. Information such as a user's identity, display and/or language preferences, web pages visited, items purchased, and transactions performed may be collected and recorded.

Q: What are the main reasons that online behavioural tracking may be a concern for website users?

A: The reasons are:

  • Website users' information or browsing habits are often collected by the website operator/owner without website users' knowledge or consent;
  • Website users' information or browsing habits may even be collected by a third party without website users' knowledge or consent;
  • The collected information may be transferred to other parties by the website operators/owners or the third party without website users' knowledge or consent;
  • Information about a website user collected from one website may be combined with information collected from other websites or sources about that user, thus building his/her profile without his/her knowledge;
  • The purpose of collecting the information is not made clear to the website users. Even if this has been made clear, website users are not offered the option to opt out of the use.

Q: What are the recommended practices to organisations on using cookies?

A: Where cookies are used to collect behavioural information, the following additional best practices are recommended:

  • To pre-set a reasonable expiry date for cookies;
  • To encrypt the contents of cookies whenever appropriate; and
  • Not to deploy techniques such as Flash/zombie/super cookies that ignore browser settings on cookies unless organisations can offer an option to website users to disable or reject such cookies.

Extended Reading:

Information Leaflet on Online Behavioural Tracking

Data Privacy at the Workplace

Bring-your-own-device is a growing trend as the use of personal mobile devices for both personal and work purposes is ubiquitous.

Misuse or mishandling of mobile devices increases the risk of data breaches such as leakage or loss.

Supporting / Community Events


Know more about the latest supporting/ community events of the PCPD.

Complaint Case Notes


Summaries of the outcomes of selected complaints are provided in this section. The information offers guidance to individuals and organisations on the application of the Ordinance in a variety of situations.

For enquiry, please contact us.
Address: Unit 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong
Tel: (852) 2877 7171