Mr Erick TSANG Kwok-wai, IDSM, JP, Secretary for Constitutional and Mainland Affairs (fourth from right); Ms Ada CHUNG Lai-ling, Privacy Commissioner for Personal Data, Hong Kong (first from right); and Mr Stephen LOH Chan, Judging Panel Member (first from left) together with representatives of the five organisations awarded outstanding Gold Certificates.

100 Organisations Received the Inaugural Privacy-Friendly Awards 

The Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) held the “Privacy-Friendly Awards 2021” (Awards) Presentation Ceremony on 4 March 2021 to recognise the efforts made by organisations in protecting personal data privacy. The Ceremony was live-streamed online.

Among the 100 award-winning organisations, 69 were awarded the Gold Certificate and 31 were awarded the Silver Certificate. Five organisations with exemplary performance in different areas were identified as outstanding Gold Certificate awardees. They are (in alphabetical order) Equal Opportunities Commission, The Hong Kong General Chamber of Small and Medium Business, Intellectual Property Department, Refinitiv Hong Kong Limited and Union Hospital.

The inaugural “Privacy-Friendly Awards” marks the 25th anniversary of the PCPD. The PCPD aims to promote the importance of the protection of personal data privacy through recognising the efforts made by organisations in protecting personal data privacy, and enabling public and private organisations as well as government departments to showcase their achievements in the protection of privacy.

Check out the videos of selected outstanding Gold Certificate awardees on the Awards website to learn more about their achievements!

PRIVACY 101

What is a data breach and how should it be handled? 

A data breach is generally taken to be a suspected breach of data security of personal data held by a data user, by exposing the data to the risk of unauthorised or accidental access, processing, erasure, loss or use. It may amount to a contravention of Data Protection Principle 4 (security of personal data) of the Personal Data (Privacy) Ordinance.

The PCPD recommends the following four actions in handling data breach incidents:

While it is not a statutory requirement for data users to inform the PCPD about a data breach incident concerning the personal data held by them, data users are nevertheless advised to do so as a recommended practice for proper handling of such incident.

Before making a data breach notification, you may refer to the "Guidance on Data Breach Handling and the Giving of Breach Notifications" published by the PCPD.

NEW PUBLICATIONS

"Personal Data (Privacy) Law in Hong Kong – A Practical Guide on Compliance"  – Order your Second Edition

The second edition of "Personal Data (Privacy) Law in Hong Kong – A Practical Guide on Compliance" has been published.

Order the book by 30 June 2021 to enjoy a 20% discount!

TECH TALK

Protecting your personal data when using IoT devices 

The Internet of Things (“IoT”) is the network of physical objects embedded with electronics, sensors and software that enable them to exchange data with each other via the Internet. Typical examples of IoT devices include Internet protocol cameras (IP Cam), fitness bands and smart TVs.

IoT devices with different features and designs may collect various data about a user. They may even infer other information about the user through data analysis. Some devices may request a user to register for an account before using them and hence the collected data may well be the user’s personal data.

Check out these six tips to protect your personal data while using IoT devices!

Find out more tips on the “Be SMART Online” thematic website:

WHAT'S ON

Privacy Commissioner's Cover Story Interview with Hong Kong Lawyer 

Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed by Hong Kong Lawyer to share her thoughts about her office’s important role as an enforcer, facilitator and educator under the Personal Data (Privacy) Ordinance. She also shared a number of key goals to achieve during her five-year term. The interview was published as the Cover Story of the March 2021 issue of Hong Kong Lawyer.

Privacy Commissioner’s Submission in response to the Consultation Paper on Real-name Registration for SIM Cards 

In response to the Government’s public consultation on the implementation of a Real-name Registration Programme for Subscriber Identity Module ("SIM") Cards, the PCPD has made a written submission to the Commerce and Economic Development Bureau on 17 March 2021.

Webinar on Protecting Personal Data under Work-from-Home Arrangements (19 March)

As Work-from-Home (WFH) arrangement may increase risks to personal data privacy and security, the PCPD held the “Webinar on Protecting Personal Data under Work-from-Home Arrangements” on 19 March 2021 to provide practical guidance to employers, employees, and users of video conferencing software. Well received, the webinar was attended by over 100 participants.

For more on this topic, please refer to the three Guidance Notes and the newly published posters on Protecting Personal Data under Work-from-Home Arrangements.

Privacy Commissioner interviewed in RTHK Radio 5 programme 

Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed in the RTHK Radio 5 programme “Elderly Academy – Elderly IT New Vision” (樂齡IT新視野) which was aired on 26 March 2021. She shared with the audience some tips on personal data privacy protection and prevention of doxxing when using social media.

RECOMMENDED ONLINE TRAINING

Online Seminar on the Protection of Personal Data Privacy in the Use of Information and Communications Technology

Organisations, large and small, handle vast amount of personal data in daily operation. Information and Communications Technology (ICT) is essential in processing large volume of personal data. Yet the improper use of ICT may pose risk of data breach and other privacy issues that may lead to irreparable damage to clients’ trust and the organisations’ reputation.

This seminar aims to provide practical advices to data users on how to protect personal data privacy when using ICT and answer questions from the audience.

Date: 9 April 2021 (Fri)

Time: 4:00pm - 5:30pm

Fee: $300

Language: Cantonese

Who should attend: Data protection officers, employers, administrators, IT professionals, HR managers

Key takeaways:

• Privacy-by-Design approach in customer interfacing, e.g. setting log-in information and passwords, online collection of customers’ personal data, using cookies, online payment, etc;
• Risk management measures to prevent data leakage; and
• Office privacy rubrics to enhance personal data privacy protection

Free Online Seminar: Introduction to the Personal Data (Privacy) Ordinance

Check out our FREE public online seminars to deepen your understanding of the Ordinance.

Date: 20 April 2021 (Tue)

Time: 3:00pm - 4:30pm

Language: Cantonese

Key Takeaways:

• A general introduction to the PDPO
• The six Data Protection Principles
• Offences & compensation
• Direct marketing
• Q & A session

Online Professional Workshop on Data Protection in Human Resource Management 

This workshop is designed for human resource practitioners who would like to learn how to meet the requirements under the Personal Data (Privacy) Ordinance in handling large amount of employees’ personal data in the different phases of employment process.

Date: 23 April 2021 (Fri)

Time: 2:15pm - 5:15pm

Fee: $750/$600*

(*Members of the Data Protection Officers' Club and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who should attend: Human resource officers, data protection officers, compliance officers, solicitors, administration managers, recruitment agents

Course outline:

• What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security in each phase of the employment process?
• What are the requirements of the Code of Practice on Human Resource Management?
• Collection of personal data in recruitment process e.g. medical data, reference data
• What is "Blind Recruitment Advertisement"?
• What are the restrictions on keeping personal data, setting appropriate periods of time for keeping information?
• What are the legal requirements in transferring personal data to third parties?
• Collection of biometrics data
• How to handle a Data Access Request by job applicants or employees?
• What are the requirements for engaging in employee monitoring activities?
• Data Ethics

Online Practical Workshop on Data Protection Law 

This workshop is designed for those who wish to acquire a solid grounding in the application and interpretation of the provisions of the Personal Data (Privacy) Ordinance.

Date: 30 April 2021 (Fri)

Time: 2:15pm - 5:15pm

Fee: $950/$760*

(*Members of the Data Protection Officers' Club and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who should attend: Solicitors, barristers, in-house legal counsels, data protection officers, compliance officers

Course outline:

• Examining the application of the six data protection principles with special highlights on recent cases of the Administrative Appeals Board and the court.
• Recent topical issues on data privacy
• Problems frequently encountered by organisations dealing with personal data, including:-
  • What are the points to consider when drafting a personal information collection statement?
  • How to respond to requests by law enforcement agencies for disclosure of employees' or customers’ personal data?
  • What are the key aspects to be included in a privacy policy statement?
  • What are the special requirements in complying with or refusing to comply with a data access/correction request?
  • How to comply with the direct marketing requirements in a joint marketing campaign?
  • What are the steps to take when outsourcing the processing of personal data to agents located in or outside Hong Kong?
• Consequences of breach of the Personal Data (Privacy) Ordinance and liabilities of key officers
• Case studies and discussion

Contact Us

Address: Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong

Tel: 2827 2827

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
 

Copyright

Disclaimer

The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.

The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.

If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.