PCO Office of the Privacy Commissioner for Personal Data, Hong Kong

PCPD Activities
Professional Workshops on Data Protection

 

Data Protection in Human Resource Management

This workshop is designed for human resource practitioners learning how to meet the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance") when handling large amounts of employees' personal data in the different phases of the employment process.

Human resource practitioners handle a large amount of employee data in the course of their work. The collection, use and retention of employee data carry significant legal responsibilities and risks. It is therefore a great challenge for human resource practitioners to meet the requirements under the Ordinance and the Code of Practice on Human Resource Management. Participants will learn good practices for handling personal data in each phase of the employment process.

Who should attend: Human Resource Officers, Data Protection Officers, Compliance Officers, Solicitors, Administration Managers, Recruitment Agents.

Course outline:

  • What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security in each phase of the employment process
  • What are the requirements of the Code of Practice on Human Resource Management
  • Collection of personal data in recruitment process e.g. medical data, reference data
  • What is "Blind Recruitment Advertisement"
  • What are the restrictions on keeping personal data, setting appropriate periods of time for keeping information
  • What are the legal requirements in transferring personal data to third parties
  • Collection of biometrics data
  • How to handle a Data Access Request by job applicants or employees
  • What are the requirements for engaging in employee monitoring activities

Data Protection in Direct Marketing Activities

This workshop focuses on the collection and use of personal data for direct marketing purposes. You will learn how to comply with the new guidance on direct marketing activities under the Personal Data (Privacy) (Amendment) Ordinance 2012 ("the Amendment Ordinance") and put this into context with your responsibilities in the company.

Direct marketing is widely adopted by different types of organizations in promoting their products and services. In Hong Kong, the use of personal data in direct marketing activities is governed by the Personal Data (Privacy) Ordinance. The new provisions under the Amendment Ordinance will impose tighter regulation on the use and provision of personal data in direct marketing with much heavier penalties in case of contravention.

This workshop takes a practical approach to compliance with the new regulatory regime for direct marketing and provides hands-on guidance to data users.

Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Administration Managers, IT Managers, Solicitors (in house or private practice), Database Managers, Marketing professionals.

Course outline:

  • What is “Direct Marketing” under the Amendment Ordinance - understanding the new guidance on direct marketing activities
  • Collection of personal data from different sources for direct marketing purpose
  • Overarching principles of using personal data for direct marketing purpose under the Amendment Ordinance
  • Specific actions to be taken by data users before using/providing personal data to others for use in direct marketing and legal requirements involved
  • Grandfathering arrangement for pre-existing personal data
  • Offences and relevant penalties for contravention under the Amendment Ordinance
  • How to handle an "Opt-Out Request"
  • How to maintain the opt-out list

Data Protection and Data Access Request

This workshop provides practical guidance on issues relating to compliance with a Data Access Request (“DAR”) raised by customers or employees.

There are stringent requirements for compliance with a DAR under the Personal Data (Privacy) Ordinance. Dealing properly and effectively with a DAR is a challenge for many organizations. This workshop will examine those requirements in detail and offer guidance on the handling of a DAR.

Participants may already be dealing with DARs and want to review their handling, or may never have dealt with DARs and want to develop processes. They will learn how to deal with a DAR and avoid pitfalls. There will also be plenty of opportunity for questions during the workshop.

Who should attend: Solicitors, Data Protection Officers, Administration Managers, Human Resource Officers, Customer Services Personnel.

Course outline:

  • What is a DAR
  • What is subject to access under a DAR
  • Who may make a DAR - How to make a DAR
  • What should a data user do in order to comply with a DAR
  • Charges for a DAR
  • Grounds for refusing to comply with a DAR
  • Steps to take in refusing to comply with a DAR
  • Protection for third party data when complying with a DAR
  • Consequences of breach of the DAR provisions

Legal Workshop on Data Protection

This workshop is aimed at anyone who wishes to acquire a solid grounding in the application and interpretation of the provisions of the Personal Data (Privacy) Ordinance ("the Ordinance").

Data protection compliance is an essential legal requirement for all organizations. It is therefore important to put data protection procedures in place to avoid losses caused by contravention of the requirements under the Ordinance. This practical workshop is for people who are charged with compliance with the Ordinance.

Who should attend: Solicitors, Barristers, Data Protection Officers, Compliance Officers, Company Secretaries, Administration Managers.

Course outline:

  • Examining core concepts of the Ordinance
  • How the Ordinance applies to organizations as data users and how to meet those requirements
  • What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security
  • What are the restrictions on the use, disclosure or transfer of personal data
  • What is a privacy policy
  • What is a Data Access Request
  • Consequences of violation of the Ordinance
  • Complaint handling process of the Office of the Privacy Commissioner for Personal Data
  • Analysis of real cases of contraventions of requirements under the Ordinance

Data Protection in Banking/Financial Services

This workshop examines the personal data privacy issues facing banking and financial personnel in their daily operation and provides practical steps that can be taken to deal with the issues effectively.

Banking and financial personnel face a lot of data protection challenges in a complex business world where the business can be cross-jurisdictional or multi-functional. This workshop will examine the requirements under the Personal Data (Privacy) Ordinance in different aspects of the banking and financial services and the practical ways to deal with them effectively.

Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Solicitors, Advisers and other personnel undertaking work relating to the banking/financial industry.

Course outline:

  • What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security
  • How to state the purpose of data collection and classes of transferees clearly in the Personal Information Collection Statement
  • How to devise a data retention policy
  • What are the restrictions on the use, disclosure or transfer of personal data
  • Disclosure of customers' personal data to law enforcement agencies
  • What are the liabilities for acts of employees, agents and contractors
  • What are the requirements for outsourcing processes that involve customers' personal data
  • What are the liabilities for transferring customers' personal data outside Hong Kong
  • What to do when customers' personal data are leaked
  • Data Breach Notification - Consequences of violation of the Ordinance

Data Protection in Insurance

This Workshop is designed for insurance practitioners who wish to acquire the knowledge to protect customers' personal data in providing insurance services to the public. The course will highlight the key features of "Guidance on the Proper Handling of Customers' Personal Data for the Insurance Industry" and privacy issues specific to insurance institutions and insurance practitioners.

Insurance practitioners handle a large amount of customers' personal data in their daily work e.g. name, telephone number, address, identity card number, health record, information contained in insurance application forms and insurance policy etc. It is essential that they understand and comply with the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance") which apply to them in their capacities as the data users in the handling of personal data.

This workshop examines core concepts of practical data protection compliance illustrated by specific scenarios to highlight potential problems and their resolution. Participants will also engage in discussion of real cases relating to the handling of personal data in different aspects of insurance work.

Who should attend: Insurance Practitioners, Data Protection Officers, Compliance Officers, Solicitors, Advisers and other personnel undertaking work relating to the Insurance Industry.

Course outline:

  • An Overview of the data protection provisions
  • Liabilities of insurance companies and insurance practitioners
  • Useful pointers on Personal Information Collection Statement
  • Collection of customers' medical data
  • Collection of Hong Kong identity card number and copy
  • Engagement of private investigators in insurance claims
  • Collection and use of personal data in direct marketing
  • Retention of customers' personal data
  • Use of customers' data for internal training
  • Access to, storage and handling of customers' personal data by staff and agents
  • Handling of data access requests from customers

Data Protection in Internal IT Management

This Workshop is designed for in-house IT professionals who manage or develop IT systems that process personal data. The course examines the Personal Data (Privacy) Ordinance ("the Ordinance") as it relates to IT security governance, personal data protection and the relevant responsibilities of in-house IT professionals.

The Ordinance requires a data user to take all reasonably practicable steps to ensure that personal data held by it are protected against unauthorised or accidental access, processing, erasure or other use. As the majority of personal data held by data users are held in IT systems, the responsibility of ensuring the security of digital personal data often rests with data users' own IT professionals. This Workshop provides practical and holistic guidance for IT practitioners who wish to learn the top-down management model of personal data system protection and would like to know more about the basic principles of personal data systems.

Who should attend: In-house IT Directors, Managers, Officers, Analysts, Programmers who are interested in or have responsibility over personal data system protection.

Course outline:

  • What are the core concepts of the Ordinance and its relationship to IT management
  • Personal data system protection principles
  • What is Privacy by Design
  • Requirements on organisations to keep data secure, and how those requirements may be met 
  • Legal requirements on the matching of personal data
  • Use of the Internet to collect personal data
  • Legal implications on the use of service providers to handle/process personal data
  • Data breach incident management and data breach notification

Latest ICT and Data Protection

This Workshop is designed for IT professionals who are interested in the deployment of the latest Information and Communication Technology ("ICT"). The course examines the Personal Data (Privacy) Ordinance ("the Ordinance") as it relates to IT security governance, personal data protection and the relevant responsibilities of those who need to consider the use of the various technologies.

The Ordinance requires a data user to take all reasonably practicable steps to ensure that personal data held by it are protected against unauthorised or accidental access, processing, erasure or other use. As the majority of personal data held by data users are held in IT systems, the responsibility of ensuring the security of digital personal data often rests with IT professionals. This Workshop provides overview guidance for IT practitioners to understand what the considerations are when deploying certain specific technologies.

Who should attend: In-house IT Directors, Managers, Officers, Analysts, Programmers who are interested in or have responsibility over personal data system protection.

Course outline:

  • What are the core concepts of the Ordinance and its relationship to IT management
  • Personal data system protection principles
  • What is Privacy by Design
  • What are the issues to address when considering the use of cloud computing
  • What are the issues to address when considering the use of biometric applications
  • What to consider when deploying portable storage devices
  • What to consider when using the Internet to collect personal data

Executive Workshop Series: Direct Marketing Activities – Best Practices and Guidance on the New Law

Speaker^: Gabriela Kennedy

  • Experienced privacy professional and qualified solicitor
  • Experienced in providing expert advice on data protection compliance for high profile clients

Language: English

Outline of Contents: From a practitioner's perspective, this Executive Workshop helps bridge the gap between the daily reality of data privacy management and expectations of the customers.

  • What is the impact of the new provisions on direct marketing activities?
  • Have companies really got the grandfathering provisions right?
  • Identify strategic business issue/areas of risk and share real cases; the dos and don'ts
  • Best practices to ensure compliance
  • Practical tips on how to build a privacy-respectful business culture

Who should attend: Advanced Data Protection Advisors, Company Legal Counsels, Chief Information Officers, Senior Business Executives

^ The speaker is invited to address the topic from a practitioner's perspective. She is not a member of PCPD staff and is not a commissioned consultant.

 


The contents of this website (including all uploaded publications) must be read subject to the Personal Data (Privacy) (Amendment) Ordinance 2012.