30 / 32
PCPD News
私隱專員公署通訊
•
Issue no. 29
30
Mark Your Diary
活動日誌
Resources Updates
資源快訊
Statistics
統計
Glossary
詞彙
Technology Updates
科技新知
工作間的自携電子
裝置政策
Bring-Your-Own-
Device Policy at
workplace
如你的機構容許員工使用私人流動裝置或便携裝置處理公務,你必須明白這些裝置所帶來的私隱風險,例
如裝置是否符合機構的資訊安全標準,機構是否有方法追蹤流動裝置的使用情況和監察資料外洩事故。
If your organisation allows the use of private mobile or portable devices, you should realise that the risk of using such
device – whether they meet the organisation’s security standards, whether it is possible to track the uses and monitor
data breach incidents.
慎防經網站
洩露資料
Data breach
through w bsite
在互聯網上設有網站的機構,必須有在系統設計和管理、密碼設定、權限控制、網址和員工培訓等各方面採
取保安措施,把網站意外洩露資料的風險減至最低。
If your organisation has a website on the Internet, make sure that you take security measures in relation to the system
design and maintenance, password setting, access control, access parameters in the web address so as to minimise the
risk of data breach.
使用雲端運算
Cloud computing
在決定使用雲端運算處理個人資料前,必須明白有何個人資料私隱和保安風險或是否已詳細考慮公署的建
議以規範雲端服務供應商。
Before you decide to use Cloud computing to handle your organisation’s data, ensure that you are clear about the
risks you would encounter, and consider the PCPD’s recommendations on how to ensure their compliance with the
Ordinance.
網上營商
Doing business
online
機構在網上收集及處理個人資料;用社交媒體進行市場推廣;在社交網絡上提供客戶服務、人力資源管理,
以致分析目標顧客的資料以提升銷售效益等,這些活動都涉及個人資料的處理,應遵從條例規定。另外,如
機構使用取自公共領域的個人資料作新的用途,有機會違反資料用途方面的保障資料原則。
If your organisation engages in online activities from collecting and handling of personal data; social media marketing,
social network customer services, human resources management, to analysing the data of potential customers, you
will need to adhere to the requirement of the Ordinance. If you organisation uses personal data obtained from public
domain for new purposes, you should be aware of the risk of violating the data protection principle on data use.
培訓及資源
Training &
resources
你的機構必須有為員工,特別是內部資訊科技人員提供合適的培訓。委託應用程式開發商和其他服務承辦
商時應作相應的考慮和安排以確保個人資料私隱。
Make sure you provide suitable training for your staff, in particular internal IT staff. When you commission an app
developer or a service provider, make sure you have considered the relevant factors and make the appropriate
arrangement for data protection.