Seminar on "How to Construct Comprehensive Privacy Management Programme" (Exclusively for DPOC members)
The PCPD has recently issued the "Best Practice Guide on Privacy Management Programme" (the Guide), which is a "2.0 version" of the 2014 issue. This seminar will take you through the concrete examples, charts, and questionnaire and checklist templates in the Guide to help you construct a comprehensive Privacy Management Programme (PMP) in your organisation.
Don't miss this chance to learn about the latest developments in PMP, and be one of the first groups of people to experience our newly refurbished conference room, which is conveniently located at the heart of Wan Chai. Seats are limited!
Report: Facebook sought users' financial data on Messenger
Facebook has sought access to personal financial data conveyed through its Messenger programme between users of the social media platform and financial institutions, according to The Wall Street Journal.
More tech groups join calls to give consumers power over data
Two technology trade groups in the United States released proposals for national consumer privacy regulations, adding to the chorus of businesses seeking to influence the growing momentum for stricter rules on how companies handle users’ personal information, against the background of the GDPR having come into force.
Re. GDPR: Europe's new data law upends global online advertising
Europe’s new data privacy law has put a small army of tech firms that track people online in jeopardy and is strengthening the hand of giants such as Google and Facebook in the $200 billion global digital advertising industry.
Professional Workshop on Recent Court and Administrative Appeals Board Decisions - English Session (20 September 2018)
This workshop examines some recent decisions of the Hong Kong Court and Administrative Appeals Board which serve as legal authorities and practical examples in solving problems frequently encountered in compliance work. There will be in-depth discussion and up-to-date knowledge transferred to participants on the interpretation of commonly used provisions of the Personal Data (Privacy) Ordinance.
Professional Workshop on Data Protection in Human Resource Management (28 September 2018)
Human resource practitioners handle a large amount of employee data in the course of their work. The collection, use and retention of employee data carry significant legal responsibilities and risks. It is therefore a great challenge for human resource practitioners to meet the requirements under the Personal Data (Privacy) Ordinance and the Code of Practice on Human Resource Management.
Especially designed for human resource practitioners, this workshop examines the good practices in handling personal data in each phase of the employment process.
Singapore meets Hong Kong on data privacy protection and collaboration (11 September 2018).
Privacy Commissioner Mr Stephen Wong was invited to deliver a presentation at the "Tackling Cyberbullying: A Comparative and Interdisciplinary Symposium" hosted by the Law and Technology Centre of the Faculty of Law of the University of Hong Kong (4 September 2018).
Presentation of Privacy Commissioner Prize in Privacy and Data Protection Law 2017/18 to Recognise Student’s Outstanding Performance in Study of Personal Data Privacy Protection (3 September 2018).
DPOC has always been an effective platform where members can share good practices and learn from each other. We cordially invite members to share your strategies and practices in data protection by contributing articles and/or photos of your successful initiatives to us. Please click "Share with us" to let us know your good practice!
“Data Protection & Business Facilitation - Guiding Principles for Small and Medium Enterprises” Guidance Note
This Guidance Note helps small and medium enterprises understand and comply with the requirements of the Personal Data (Privacy) Ordinance by providing specific examples and practical advice according to their different business functions.
Data Protection Principle 4 - Security of personal data
A hospital mistakenly disclosed the medical condition of a patient to the patient’s mother though it had been requested to keep it confidential
The Complaint
After having been diagnosed with a serious illness, the Complainant requested the hospital to keep his illness confidential. The hospital acceded to the request and recorded it on his chart board. However, the hospital’s nurse still telephoned the Complainant’s mother and disclosed his medical condition to her.
The hospital explained that the incident stemmed from the necessity of transferring the Complainant to the Specialty Ward of another hospital. The nurse-in-charge intended to telephone the Specialty Ward to arrange the transfer according to the data on the Complainant’s chart board. However, the nurse mistakenly dialled the emergency contact number (i.e. the telephone number of the Complainant’s mother) on another page of the chart board and disclosed the Complainant’s illness to the call receiver (i.e. the Complainant’s mother) without first confirming that the receiver was a medical staff member of the Specialty Ward.
Outcome
Patients’ medical records are highly sensitive personal data and must be handled with extra care. As the hospital in this case had not taken all the practicable steps to ensure that its patient’s personal data was protected against unauthorised or accidental use, the Privacy Commissioner held that the hospital had contravened Data Protection Principle 4.
In the course of the investigation, the hospital had given a warning to the nurse and issued a written notice to all medical staff requiring them to check the correctness of the telephone numbers of the receivers and confirm the receivers’ identities before disclosing patients’ medical records over the phone in future. The Privacy Commissioner issued a warning to the hospital urging it to clearly communicate the above requirements to its staff, and to take practicable steps to ensure staff compliance with the personal data protection requirements under the Personal Data (Privacy) Ordinance.
Q: When customers place orders via a mobile app, can the organisation use the customers’ personal data to send marketing information to them without seeking customers' consent?
A. Yes
B. No
The correct answer is B. Data collected from customers who place orders via mobile apps can be used only for handling purchase orders. If organisations intend to use the data to send marketing information, they must obtain their customers’ prior consent, and the data can be used only for the classes of products or services agreed to by the customers.
Q: If an organisation engages an outsourcing agent to develop or operate a mobile app, which of the following is the appropriate policy for personal data retention?
A. Adopt contractual or other means to require the outsourcing agents to delete the personal data under specified circumstances and within a specified period.
B. Allow the outsourcing agents to decide how long to keep the personal data.
C. Allow the outsourcing agents to keep the data in their servers permanently.
The correct answer is A. If organisations engage outsourcing agents to handle personal data on their behalf, they should adopt contractual or other means to prevent the personal data from being kept by outsourcing agents longer than is necessary.
Supporting Events
Know more about the latest supporting events of the PCPD.
Privacy Management Programme
Embrace personal data protection as part of your corporate governance. You can also get the revised best practice guide of Privacy Management Programme here.
Tips on Log-in Information
Understand what precautions to take to protect your user name and password.
For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong
Tel: (852) 2877 7179