Skip to content

Professional Workshops

Professional Workshops

Data Protection in Human Resource Management

This workshop is designed for human resource practitioners learning how to meet the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance") in handling large amount of employees’ personal data in the different phases of employment process.

Human resource practitioners handle a large amount of employee data in the course of their work. The collection, use and retention of employee data carry significant legal responsibilities and risks. It is therefore a great challenge for human resource practitioners to meet the requirements under the Ordinance and the Code of Practice on Human Resource Management. Participants will learn the good practices in handling personal data in each phase of the employment process.

Who should attend : Human Resource Officers, Data Protection Officers, Compliance Officers, Solicitors, Administration Managers, Recruitment Agents.

Course outline:

  • What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security in each phase of the employment process
  • What are the requirements of the Code of Practice on Human Resource Management
  • Collection of personal data in recruitment process e.g. medical data, reference data
  • What is "Blind Recruitment Advertisement"
  • What are the restrictions on keeping personal data, setting appropriate periods of time for keeping information
  • What are the legal requirements in transferring personal data to third parties
  • Collection of biometrics data
  • How to handle a Data Access Request by job applicants or employees
  • What are the requirements for engaging in employee monitoring activities

Data Protection in Direct Marketing Activities

This workshop focuses on the collection and use of personal data for direct marketing purposes. You will learn how to comply with the new guidance on direct marketing activities under the Personal Data (Privacy) Ordinance ("the Ordinance") and put this into context with your responsibilities in the company.

Direct marketing is widely adopted by different types of organisations in promoting their products and services. In Hong Kong, the use of personal data in direct marketing activities is governed by the Ordinance. The new provisions under the Ordinance will impose tighter regulation on the use and provision of personal data in direct marketing with much heavier penalties in case of contravention.

This workshop provides a practical approach to the compliance of the new regulatory regime of direct marketing and provides hands-on and practical guidance to data users.

Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Administration Managers, IT Managers, Solicitors (in house or private practice), Database Managers, Marketing Professionals.

Course outline:

  • What is "Direct Marketing" under the Ordinance - understanding the new guidance on direct marketing activities
  • Collection of personal data from different sources for direct marketing purpose
  • Overarching principles of using personal data for direct marketing purpose under the Ordinance
  • Specific actions to be taken by data users before using/providing personal data to others for use in direct marketing and legal requirements involved
  • Grandfathering arrangement for pre-existing personal data
  • Offences and relevant penalties for contravention under the Ordinance
  • How to handle an "Opt-Out Request"
  • How to maintain the opt-out list

Data Protection and Data Access Request

This workshop provides practical guidance on issues relating to compliance with a Data Access Request ("DAR") raised by customers or employees.

There are stringent requirements for compliance with a DAR under the Personal Data (Privacy) Ordinance. Dealing properly and effectively with a DAR is a challenge for many organisations. This workshop will examine in details those requirements and offer guidance on the handling of a DAR.

Participants may already be dealing with DARs and want to review their handling or may never have dealt with DARs and want to develop processes. They will learn how to deal with DAR and avoid pitfalls. There will also be plenty of opportunity for questions during the workshop.

Who should attend: Solicitors, Data Protection Officers, Administration Managers, Human Resource Officers, Customer Services Personnel.

Course outline:

  • What is a DAR
  • What is subject to access under a DAR
  • Who may make a DAR
  • How to make a DAR
  • What should a data user do in order to comply with a DAR
  • Charges for a DAR
  • Grounds for refusing to comply with a DAR
  • Steps to take in refusing to comply with a DAR
  • Protection for third party data when complying with a DAR
  • Consequences of breach of the DAR provisions

Legal Workshop on Data Protection

This workshop is aimed at anyone who wishes to acquire a solid grounding in the application and interpretation of the provisions of the Personal Data (Privacy) Ordinance ("the Ordinance").

Data protection compliance is an essential legal requirement for all organisations. It is therefore important to put data protection procedures in place to avoid losses caused by contravention of the requirements under the Ordinance. This practical workshop is for people who are charged with compliance with the Ordinance.

Who should attend: Solicitors, Barristers, Data Protection Officers, Compliance Officers, Company Secretaries, Administration Managers.

Course outline:

  • Examining core concepts of the Ordinance and its application
  • What is personal data and what amounts to collection of personal data
  • How the Ordinance applies to organisations as data users and how to meet those requirements
  • What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security
  • What are the restrictions on the use, disclosure or transfer of personal data
  • Offences for disclosing personal data obtained without consent
  • What steps to take when outsourcing the processing of personal data
  • What is a privacy policy
  • What is a data access request
  • Consequences of violation of the Ordinance
  • Analysis of real cases of contraventions of requirements under the Ordinance

Data Protection in Banking/Financial Services

This workshop examines the personal data privacy issues facing banking and financial personnel in their daily operation and provides practical steps that can be taken to deal with the issues effectively.

Banking and financial personnel face a lot of data protection challenges in a complex business world where the business can be cross-jurisdictional or multi-functional. This workshop will examine the requirements under the Personal Data (Privacy) Ordinance in different aspects of the banking and financial services and the practical ways to deal with them effectively.

Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Solicitors, Advisers and other personnel undertaking work relating to the banking/financial industry.

Course outline:

  • An overview of the relevant requirements under the Ordinance
  • Liabilities of banks for acts of staff, agents and contractors
  • Useful pointers on Personal Information Collection Statement
  • Collection of identification document number from non-account holder
  • Accuracy of customer’s contact information
  • Retention and erasure of customers’ personal data
  • Outsourcing the processing of personal data
  • Transfer of personal data outside Hong Kong
  • Handling of customers’ personal data in debt collection
  • Protection of customers’ personal data collected during off-site marketing campaign
  • Handling of data access request from customers
  • Make privacy policies and practices generally available


Data Protection in Insurance

This Workshop is designed for insurance practitioners who wish to acquire the knowledge to protect customers’ personal data in providing insurance services to the public. The course will highlight the key features of "Guidance on the Proper Handling of Customers’ Personal Data for the Insurance Industry" and privacy issues specific to insurance institutions and insurance practitioners.

Insurance practitioners handle a large amount of customers’ personal data in their daily work e.g. name, telephone number, address, identity card number, health record, information contained in insurance application forms and insurance policies etc. It is essential that they understand and comply with the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance") which apply to them in their capacities as the data users in the handling of personal data.

This workshop examines core concepts of practical data protection compliance illustrated by specific scenarios to highlight potential problems and their resolution. Participants will also engage in discussion of real cases relating to the handling of personal data in different aspects of insurance work.

Who should attend: Insurance Practitioners, Data Protection Officers, Compliance Officers, Solicitors, Advisers and other personnel undertaking work relating to the  Insurance Industry.

Course outline:

  • An overview of the data protection provisions
  • Liabilities of insurance companies and insurance practitioners
  • Useful pointers on Personal Information Collection Statement
  • Collection of customers’ medical data
  • Collection of Hong Kong identity card number and copy
  • Engagement of private investigators in insurance claims
  • Retention of customers’ personal data
  • Use of customers’ data for internal training
  • Security of customers’ personal data handled by staff and agents
  • Handling of data access requests from customers


Privacy Management Programme

Privacy and data protection cannot be managed effectively if they are merely treated as a legal compliance issue. Instead, organisational data users should embrace personal data privacy protection as part of their corporate governance responsibilities and apply them as a business imperative throughout the organisation.  To this end, the formulation and maintenance of a comprehensive Privacy Management Programme (PMP) is of paramount importance.

This course will highlight the key features of “Privacy Management Programme – A Best Practice Guide”.  Participants will be able to understand the baseline fundamentals and components of a PMP and how to maintain and improve it on an ongoing basis.

Who should attend: Data protection officers, compliance professionals, company secretaries, solicitors, executives from business and public sectors, and those who are interested in keeping abreast of the data protection trend and best practices.

Course outline:
  • What is PMP
  • Baseline Fundamentals of a PMP
  • Ongoing Assessment and Revision
  • How to develop your own PMP


Data Protection in Retail Operation

This workshop examines various issues of business areas in the retail field which involve collection and handling of personal data and provides practical steps and tips with an aim to help the practitioners in the retailing sector to do their job efficiently without violating the Personal Data (Privacy) Ordinance.

Currently about 260,200 persons are engaged in the retail industry, accounting for 10% of the working population of Hong Kong. Retailers are frequently required to collect and handle personal data of their customers and co-workers in their business operation for various purposes. This workshop will examine in different aspects of the retail operation and the practical ways to deal with them.

Who should attend: Data Protection Officers, Compliance Officers, Human Resources Officers, Store Managers and other personnel undertaking work relating to the retail industry.

Course outline:
  • Bonus Point Rewards/Membership Programmes
  • Lucky Draw Activities/Gift Redemptions
  • Direct Marketing/Social Network Marketing
  • Use of CCTV
  • Recruitment and Employment
  • Mobile Applications
  • Steps to prepare Personal Information Collection Statement and Privacy Policy Statement
  • Demonstration of online assessment tool


Practical Workshop on Data Protection Law

This workshop is aimed at anyone who wishes to acquire a solid grounding in the application and interpretation of the provisions of the Personal Data (Privacy) Ordinance (“the Ordinance”).
 
With the increase in public awareness on personal data protection, it becomes an important aspect for organisations to gain customers’ trust and confidence.   This workshop (to be conducted by experienced lawyers from the Office of the Privacy Commissioner for Personal Data) is for people who are charged with the responsibility in advising on compliance with the Ordinance to acquire solid knowledge through interactive participation. 

Who should attend: Solicitors, Barristers, In-house Legal Counsels, Data Protection Officers, Compliance Officers

Course outline:
  • Examining the application of the six data protection principles with special highlights on recent administrative appeals board and court cases.
  • Problems frequently encountered by organisations dealing with personal data, including:-
    • What are the points to consider when drafting a personal information collection statement?
    • How to respond to requests by law enforcement agencies for disclosure of employees' or customers’ personal data?
    • What are the key aspects to be included in a privacy policy statement?
    • What are the special requirements in complying with or refusing to comply with a data access/correction request?
    • How to comply with the direct marketing requirements in a joint marketing campaign?
    • What are the steps to take when outsourcing the processing of personal data to agents located in or outside Hong Kong?
  • Consequences of breach of the Ordinance and liabilities of key officers
  • Case studies and discussion