PCPD e-NEWSLETTER
ISSUE Jan 2023
|
|
|
|
PCPD e-NEWSLETTER
ISSUE Jan 2023
|
|
|
|
Privacy Commissioner’s Office Launches
“Privacy-Friendly Awards 2023”
|
In view of the positive feedbacks and overwhelming response received for the inaugural “Privacy-Friendly Awards 2021”, the PCPD is pleased to announce the launch of the 2nd “Privacy-Friendly Awards 2023” (Awards) and invites applications from interested organisations starting from 5 January. Under the theme of “Embrace Privacy Management Programme to Gain Trust and Benefits”, the Awards aim to recognise the commitment and efforts of enterprises, public and private organisations as well as government departments in protecting personal data privacy. Participating organisations with designated “Privacy Protection Measures” in place will be awarded. In addition to the Gold, Silver or Bronze “Privacy-Friendly” Certificate, awardees will be presented with one-year free membership of the PCPD Data Protection Officers’ Club and specified quota of enrolment of the professional workshops organised by the PCPD. Outstanding performers will also be invited to participate in the publicity activities to showcase their achievements in personal data privacy protection. Interested organisations should complete and submit the online application form and relevant supporting documents on the Awards website by 10 March 2023.
Please click here to visit the Awards website for application details.
Please click here to watch the promotional video of the Awards.
|
Be a Smart Elderly – Privacy Commissioner’s Office Volunteer Team Organises a New Year Talk for Elderlies
|
The Anti-Epidemic Volunteer Team (Volunteer Team) of the PCPD visited over 80 elders at the Wan Chai Methodist Centre for the Seniors on 12 January 2023. During the visit, the Volunteer Team arranged a talk and some games to raise the elderly’s awareness of fraudulent scams so that they may easily identify scammers. During the visit, Privacy Commissioner Ms Ada CHUNG Lai-ling shared the tricks of some common scams with the elderly. The Volunteer Team also invited an artist Mr Timothy CHENG Tse-sing to play host to the event. Mr Cheng played quiz and role-playing games with the elderly, allowing them to apply what they had just learned to prevent falling into the traps of scammers. There was also a lucky draw session during the event, where a number of lucky winners received gifts from the Volunteer Team. The Volunteer Team also distributed New Year’s gift bags to every participant, including New Year’s items and anti-epidemic items, in the hope of giving them warmth and blessings for the Chinese New Year.
|
|
|
New Year’s Privacy Resolution – Develop a Personal Data Privacy Management Programme for your Organisation
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
Unauthorised Access to a Clinical Centre’s Customer Personal Data System
|
|
Safe Travelling – Practical Cybersecurity Tips for Travellers
|
|
|
Privacy Commissioner Reminds the Public to Guard against Fraud
|
A 52-year-old Chinese Female Arrested for Posting Doxxing Posters
|
Privacy Commissioner’s Office Commences Compliance Check into a Data Breach Involving Hong Kong Golden Forum Members
|
Appointment of New Member to the Standing Committee on Technological Developments of the PCPD
|
RECOMMENDED ONLINE TRAININGS
|
Online Professional Workshops
|
Free Online Seminar: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
RENEWAL OF DPOC’S MEMBERSHIP
|
|
Reaching Out to the Community – Privacy Commissioner Interviewed by RTHK’s “Open Line Open View”
|
Privacy Commissioner Publishes an Article Entitled “One Year On: A Review of the New Anti-doxxing Regime” at Hong Kong Lawyer
|
Reaching Out to Schools – Privacy Commissioner’s Office Organises the Webinar on “Preventing and Handling of Students’ Misbehaviour involving Cyberbullying and Doxxing”
|
Reaching Out to Schools – Privacy Commissioner Explains the New Doxxing Offence and the Protection of Personal Data Privacy Online to Primary and Secondary School Teachers
|
|
Highlights of the “Measures for the Management of Data Security in the Field of Industry and Information Technology (Trial)” 《工業和信息化領域數據安全管理辦法(試行)》的重點
|
EU: European Parliament Issues Agenda for 2023, Including Digital Transformation, Cryptocurrency, and Data Sharing
|
EU: CJEU Issues Ruling on Right to be Informed of Disclosure of Personal Data
|
Italy: Legislative Decree Recognising Right to be Forgotten when Acquitted in Criminal Trial Enters into Force
|
Crystal Ball Privacy in 2023: US States, Kids and Artificial Intelligence
|
|
|
New Year’s Privacy Resolution – Develop a Personal Data Privacy Management Programme for your Organisation
Organisations in the public or private sectors have to collect and process vast amount of customers’ or employees’ personal data. With the ever-rising expectations for data privacy protection, organisations should proactively embrace personal data protection as part of their corporate governance responsibilities. The new year is a perfect moment for organisations to review their internal policies and practices on the handling of personal data and privacy protection, and to implement a comprehensive Personal Data Privacy Management Programme (PMP) for the responsible use of personal data that is in compliance with the Personal Data (Privacy) Ordinance (PDPO), so as to gain trust of their customers and enhance organisations’ reputation and competitiveness.
Components of a PMP
A PMP should consist of the following three sets of components:
|
Benefits of Implementing a PMP
With a PMP in place, organisations can:
- Minimise the risks of incidents in relation to data security;
- Handle privacy breaches effectively with established procedures and protocol to minimise the damage arising;
- Manage collected personal data effectively;
- Ensure compliance with the PDPO;
- Demonstrate the organisations’ commitment to good corporate governance to build trust with customers and relevant stakeholders; and
- Enhance corporate reputation, competitive advantages and potential business opportunities.
Please view the PCPD’s publication below to learn how to devise and implement a comprehensive PMP: A Best Practice Guide on Privacy Management Programme
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
Unauthorised Access to a Clinical Centre’s Customer Personal Data System
Background
A clinical centre reported to the PCPD that its customer personal data system containing patient files had suffered a ransomware attack. As a result, about 115,000 records of patients’ personal data containing names, gender, dates of birth, Hong Kong Identity (HKID) Card numbers, contact numbers and addresses, email addresses, occupations, family history and emergency contact information were leaked.
The incident was caused by the use of outdated operating systems and software, which had left its system vulnerable to attackers.
Remedial Measures
Upon receiving the notification from the clinical centre, the PCPD initiated a compliance check and provided recommendations to the clinical centre to ensure compliance with the provisions of the PDPO. The clinical centre conducted a vulnerability scan on its systems, updated the relevant software and operating systems, and scheduled a weekly system update exercise to ensure that all software installed was up to date. It also agreed to engage an external cybersecurity company to conduct a security audit on its systems on an annual basis.
Lessons Learnt
The use of outdated software and operating systems could expose a data user to severe security vulnerabilities. Healthcare organisations possess a huge amount of patients’ sensitive data and should therefore take reasonably practicable measures to ensure their systems are free from outdated or unsupported software to minimise the risk of exposure to cyber attacks. Healthcare organisations should perform periodic vulnerability scanning exercises to detect possible security vulnerabilities and take timely action to remediate them.
|
Safe Travelling – Practical Cybersecurity Tips for Travellers
Travellers usually carry their electronic devices, such as smartphones and laptops, which store their personal information, to assist with getting locations, identifying points of interest, and capturing photos when embarking on their journey around the world. To protect our own personal data privacy, it is necessary for us to adopt good cybersecurity measures before and during the trip. Here are some practical tips for being cyber-safe during our trips.
Before the Trip:
- Back up and clean up sensitive data on mobile phones and notebook computers;
- Encrypt the mobile devices, or use encrypted or secure cloud storage if necessary;
- Update mobile applications and security patches from a trusted source;
- Turn on Two-Factor Authentication; and
- Configure “Find My Phone” feature to wipe the devices in case of loss or theft.
During the Trip:
- Use secure connection (HTTPS or VPN) with Two-Factor Authentication to log in corporate systems or conduct transactions;
- Turn off auto-connect of Wi-Fi;
- Clean up browser history caches and cookies after use;
- Pay attention to SMS or email notifications of account login and financial transactions; and
- Use a different password or PIN (different from daily use) for the deposit box or login account of the hotel.
|
|
|
Reaching Out to the Community – Privacy Commissioner Interviewed by RTHK’s “Open Line Open View”
|
In relation to a fraud case in which fraudsters used others’ facial images to obtain personal loans, Privacy Commissioner Ms Ada CHING Lai-ling was interviewed by RTHK’s “Open Line Open View” on 16 January.
During the interview, the Privacy Commissioner pointed out that facial images could be regarded as sensitive personal data, and offered some practical tips to members of the public to safeguard their personal data.
The Privacy Commissioner also reminded members of the public to stay vigilant and not to disclose personal data to others arbitrarily. The Privacy Commissioner also explained the contents of the “Guidance on Collection and Use of Biometric Data” issued by the PCPD.
|
Privacy Commissioner Publishes an Article Entitled “One Year On: A Review of the New Anti-doxxing Regime” at Hong Kong Lawyer
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article entitled “One Year On: A Review of the New Anti-doxxing Regime” at Hong Kong Lawyer to explain the new doxxing offences which took effect in October 2021, and recapitulate her Office’s enforcement work and achievements in combatting doxxing over the past year, the education and publicity efforts in raising the public awareness of the new anti-doxxing regime, and the progress made in fostering external enforcement collaborations.
The Privacy Commissioner highlighted that the implementation of the new anti-doxxing regime safeguards the values of our city as a civilised society and upholds the rule of law across the territory, and does not affect the normal and lawful business activities in Hong Kong, nor the freedom of speech and free flow of information that Hong Kong citizens enjoy.
Please click here to read the article.
|
Reaching Out to Schools – Privacy Commissioner’s Office Organises the Webinar on “Preventing and Handling of Students’ Misbehaviour involving Cyberbullying and Doxxing”
|
The PCPD and the Hong Kong Association for Computer Education (HKACE) jointly organised a webinar on “Preventing and Handling of Students’ Misbehaviour involving Cyberbullying and Doxxing” on 6 January, which attracted an audience of over 500 principals and teachers from primary and secondary schools. The webinar was supported by the Education Bureau. Privacy Commissioner Ms Ada CHUNG Lai-ling introduced to the participants the doxxing offences under the Personal Data (Privacy) Amendment Ordinance 2021 and shared some practical tips on how to protect personal data online. Mr CHU Ka-tim, Chairman of the HKACE and Vice Principal of Hong Kong True Light College shared his experience in nurturing students’ correct attitude in the use of online media while Mr HUNG Wai-kit, Council Member of the HKACE and Discipline Master of PLK Stanley Ho Sau Nan Primary School, and Mr LI Chiu-fai, Council Member of the HKACE and Assistant Principal of Cognitio College (Kowloon), shared their experience in handling cyberbullying cases. Please click here to download Privacy Commissioner's presentation deck (Chinese Only). Please click here to download Mr Hung’s presentation deck (Chinese Only). Please click here to download Mr Li’s presentation deck (Chinese Only). Please click here to download Mr Chu’s presentation deck (Chinese Only).
|
Reaching Out to Schools – Privacy Commissioner Explains the New Doxxing Offence and the Protection of Personal Data Privacy Online to Primary and Secondary School Teachers
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the “Workshop on Understanding Social Media and Refusing Cyberbullying” co-organised by the Education Bureau and Journalism Education Foundation on 4 January, and gave a presentation on “Understanding Doxxing Offence and Privacy Traps in Social Media” to around 50 primary and secondary school teachers who attended the Workshop.
Apart from explaining the new doxxing offence and the seriousness of the offence, the Privacy Commissioner also provided some recommendations on how to protect personal data privacy in the use of social media and instant messaging apps, with a view to assisting teachers to instil the importance of respecting and protecting personal data privacy among students.
Please click here for the presentation deck (Chinese only).
|
|
|
Privacy Commissioner Reminds the Public to Guard against Fraud
|
The PCPD noted a recently reported case in which fraudsters used others’ facial images and obtained sensitive personal data like Hong Kong Identity (HKID) Card numbers, residential address proofs and tax returns to open virtual bank accounts and apply for personal loans, resulting in monetary loss to the victims. Privacy Commissioner Ms Ada CHUNG Lai-ling reminds members of the public to be cautious of scams and offers five tips to safeguard personal data privacy:
- Be vigilant: Beware of the possible swindling of various types of personal data, including names, HKID Card numbers, dates of birth, residential addresses, facial images, video images and bank account numbers. If someone asks for your personal data, be vigilant and check with them the purpose of collecting the data;
- Do not disclose data arbitrarily: Do not disclose personal data arbitrarily, especially HKID Card numbers, bank account numbers, passwords, facial images, residential addresses, tax returns, etc., and avoid disclosing too much personal data on social media platforms;
- Keep an eye on your accounts and credit history: Monitor transactions of your online banking accounts from time to time and watch out for any unusual log-in records of your accounts and personal emails, and any irregular loan transactions;
- Fraud prevention information: Pay attention to fraud prevention messages of the PCPD, the Police or relevant organisations to avoid phishing websites or fraudulent calls; and
- Data erasure and security: If personal data (e.g. residential address proofs) has been used for its intended purpose, the data should be disposed of in a secure manner (e.g. through a paper shredder) to avoid the same being picked up by others for unlawful purposes.
In addition, the PCPD has set up a “Personal Data Fraud Prevention Hotline” 3423 6611 to handle enquiries or complaints from members of the public in relation to suspected data fraud cases.
|
A 52-year-old Chinese Female Arrested for Posting Doxxing Posters
|
The PCPD arrested a Chinese female aged 52 in the New Territories on 10 January 2023. She was suspected to have disclosed the personal data of a data subject without her consent, in contravention of section 64(3A) of the PDPO. The investigation revealed that the victim and the arrested person were former colleagues working in a school between 2019 and 2021. Their relationship turned sour in 2021 owing to work grudges. In July 2022, posters were displayed near the school on two occasions, disclosing copies of the victim’s HKID card and some negative remarks against her. The personal data disclosed included the victim’s Chinese and English names, HKID card number, date of birth and her photo. The PCPD reminds members of the public that identity cards contain sensitive personal data. Disclosing copies of identity cards without the consent of the data subject concerned, either arbitrarily or maliciously, may constitute a doxxing offence. An offender is liable on conviction to a fine up to $1,000,000 and imprisonment for 5 years. Relevant Provisions under the PDPO Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for 2 years.
According to section 64(6) of the PDPO, specified harm in relation to a person means –
- harassment, molestation, pestering, threat or intimidation to the person;
- bodily harm or psychological harm to the person;
- harm causing the person reasonably to be concerned for the person’s safety or well-being; or
- damage to the property of the person.
|
Privacy Commissioner’s Office Commences Compliance Check into a Data Breach Involving Hong Kong Golden Forum Members
|
The PCPD received a notification from the Hong Kong Golden Forum in the evening of 29 December 2022, informing the PCPD that the personal data of a considerable number of members of the Hong Kong Golden Forum had been put on dark web for sale. Having considered the significant number of data subjects involved, the PCPD has immediately commenced a compliance check into the incident, including ascertaining the details of the incident and the personal data involved, etc. The PCPD appeals to citizens who have registered as members of the relevant forum to be vigilant about potential theft of their personal data. If they are in doubt about whether their personal data have been leaked, they may make enquiries with the platform concerned or the PCPD (telephone: 2827 2827 or email: communications@pcpd.org.hk). To protect personal data privacy, affected citizens are also advised to take the following measures:
- Change the passwords of the relevant accounts. Where necessary, change the passwords and email addresses of accounts of other social media platforms;
- Beware of any unusual logins of any registered accounts and personal emails;
- Stay vigilant when they receive any suspicious calls, text messages or emails from unknown sources, do not open the attachment or disclose their personal data arbitrarily; and
- Be vigilant against phishing emails or other possible scams.
|
Appointment of New Member to the Standing Committee on Technological Developments of the PCPD
|
Privacy Commissioner Ms Ada CHUNG Lai-ling announced the appointment of Mr Alan CHEUNG to the Standing Committee on Technological Developments (SCTD) of the PCPD on 30 December 2022 for a two-year term from 1 January 2023 to 31 December 2024. Mr Alan CHEUNG is the Senior Director of the Trust and Artificial Intelligence Technologies Division of Hong Kong Applied Science and Technology Research Institute (ASTRI). He has more than 20 years of experience in research and development, which focuses on both hardware and software applications in the secured systems domain. He is also a pioneer in blockchain technology. Currently he leads the division in driving ASTRI’s initiatives, particularly in relation to fintech and smart city. The Privacy Commissioner would also like to take the opportunity to thank the outgoing member, Mr Mark PARSONS, for his invaluable contributions and advice to the SCTD over the years. With effect from 1 January 2023, the members of the SCTD (in alphabetical order of surname) are as follows:
- Ms Ada CHUNG Lai-ling (Privacy Commissioner) (Co-chairperson)
- Ms Cecilia SIU (Assistant Privacy Commissioner (Legal, Global Affairs & Research)) (Co-chairperson)
- Ir Alex CHAN
- Mr Alan CHEUNG (new member)
- Mr Francis FONG
- Prof Jason LAU
- Prof K F WONG
- Prof S M YIU
The SCTD was established to advise the Privacy Commissioner on, among other things, the impacts of the developments in the processing of data and information technology on the privacy of individuals in relation to personal data.
|
Highlights of the “Measures for the Management of Data Security in the Field of Industry and Information Technology (Trial)” 《工業和信息化領域數據安全管理辦法(試行)》的重點
|
After two rounds of public consultation, on 8 December 2022, the Ministry of Industry and Information Technology (MIIT) issued the finalised version of the Measures for the Management of Data Security in the Field of Industry and Information Technology (Trial) (the Measures). The Measures, which came into effect on 1 January 2023, classify data into three categories and require companies in the field of industry and information technology sectors to take different degrees of data protection measures when processing data. This article provides an overview of the Measures.
為規範工業和信息化領域的數據處理活動,加強數據安全管理及保障數據安全,工業和信息化部 ( 工信部 ) 於2022年12月8日發布《工業和信息化領域數據安全管理辦法(試行)》 (《辦法》)1 。《辦法》已於2023年1月1日起實施,對工業和信息化領域數據處理活動進行安全監管,並就數據分類分級管理及數據全生命週期等方面提出具體要求。有關《辦法》的重點如下:
適用情況及定義
《辦法》就開展工業和信息化領域數據活動的數據處理者2作出安全監管,並對以下三項數據作出清晰定義3:
- 工業數據 – 指工業各行業各領域在研發設計、生產製造、經營管理、運行維護、平台運營等過程中產生和收集的數據。
- 電信數據 – 指在電信業務經營活動中產生和收集的數據。
- 無線電數據 – 指在開展無線電業務活動中產生和收集的無線電頻率、台(站)等電波參數數據。
數據分類分級管理
數據處理者可根據行業要求、特點、業務需求、數據來源和用途等因素來劃分不同數據的類別,《辦法》進一步要求工業和信息化領域數據處理者須就數據作出適當分類和分級,以一般數據,重要數據和核心數據作三大類別:
當危害程度符合下列條件之一,有關數據須被劃分為一般數據4:
-
- 對公共利益或者個人、組織合法權益造成較小影響,社會負面影響小;
- 受影響的用戶和企業數量較少、生產生活區域範圍較小、持續時間較短,對企業經營、行業發展、技術進步和產業生態等影響較小;
- 其他未納入重要數據、核心數據目錄的數據。
當危害程度符合下列條件之一,有關數據須被劃分為重要數據5:
-
- 對政治、國土、軍事、經濟、文化、社會、科技、電磁、網路、生態、資源、核安全等構成威脅,影響海外利益、生物、太空、極地、深海、人工智能等與國家安全相關的重點領域;
- 對工業和信息化領域發展、生產、運行和經濟利益等造成嚴重影響;
- 造成重大數據安全事件或生產安全事故,對公共利益或者個人、組織合法權益造成嚴重影響,社會負面影響大;
- 引發的級聯效應明顯,影響範圍涉及多個行業、區域或者行業內多個企業,或者影響持續時間長,對行業發展、技術進步和產業生態等造成嚴重影響;
- 經工業和信息化部評估確定的其他重要數據。
當危害程度符合下列條件之一,有關數據須被劃分為核心數據6:
-
- 對政治、國土、軍事、經濟、文化、社會、科技、電磁、網路、生態、資源、核安全等構成嚴重威脅,嚴重影響海外利益、生物、太空、極地、深海、人工智能等與國家安全相關的重點領域;
- 對工業和信息化領域及其重要骨幹企業、關鍵信息基礎設施、重要資源等造成重大影響;
- 對工業生產運營、電信網路和互聯網運行服務、無線電業務開展等造成重大損害,導致大範圍停工停產、大面積無線電業務中斷、大規模網路與服務癱瘓、大量業務處理能力喪失等;
- 經工業和信息化部評估確定的其他核心數據。
工業和信息化領域數據處理者應當將重要數據和核心數據的目錄向地區行業監管部門備案。備案內容包括但不限於數據來源、類別、級別、規模、載體、處理目的和方式、使用範圍、責任主體、對外共用、跨境傳輸、安全保護措施等基本情況(但不包括數據內容本身)7。當備案內容發生重大變化8,有關數據處理者須在發生變化的三個月內履行備案變更手續。
《辦法》要求重要數據和核心數據處理者每年至少要完成一次數據安全風險評估。評估可以自行或委託第三方評估機構開展,並向地區行業監管部門報送評估報告9。
數據全生命週期安全管理
根據《辦法》,不同級別的數據分類均有相應的保護要求10。
就一般數據而言,數據處理者應建立數據的全生命週期安全管理制度、按需要配備數據安全管理人員、合理確定數據處理活動的操作權限、制定應急預案和開展應急演練,以及定期對從業人員開展數據安全教育和培訓等。
就重要數據和核心數據的數據處理者而言,除了應符合上述的基本要求外,《辦法》亦要求該等處理者建立覆蓋相關部門的數據安全工作體系、明確數據處理關鍵崗位和崗位職責,以及建立內部登記和審批工作等。
數據出境
《辦法》亦提到,數據處理者在境內收集和產生的重要數據和核心數據,如現行法律、行政法規有境內存儲要求的,均應當在境內存儲備份。如確實需向境外提供的,則應依法依規進行數據出境安全評估11。
如有違反《辦法》當中的規定,有關行業監管部門可按照相關法律法規,根據情節嚴重程度給予沒收違法所得、罰款、暫停業務、停業整頓、吊銷業務許可證等行政處罰;構成犯罪的,將依法追究刑事責任12。
總結
總括而言,《辦法》確立了工業和信息化領域數據處理者應當履行的數據安全主體責任義務,並對各類數據實行分級防護。值得注意的是,當有不同級別數據同時被處理但難以去劃分等級的情況出現,有關數據處理者應按照其中級別最高的要求實施保護,以確保數據持續處於有效保護和合法利用的狀態13。
1 全文:https://www.miit.gov.cn/zwgk/zcwj/wjfb/tz/art/2022/art_e0f06662e37140808d43d7735e9d9fd3.html
2 根據《辦法》第三條,工業和信息化領域數據處理者是指數據處理活動中自主決定處理目的、處理方式的工業企業、軟件和信息技術服務企業、取得電信業務經營許可證的電信業務經營者和無線電頻率、台(站)使用單位等工業和信息化領域各類主體。工業和信息化領域數據處理者按照所屬行業領域可分為工業數據處理者、電信數據處理者、無線電數據處理者等。
3《辦法》第三條
4《辦法》第九條
5《辦法》第十條
6《辦法》第十一條
7《辦法》第十二條
8《辦法》第十二條說明所謂重大變化是指某類重要數據和核心數據規模(數據條目數量或者存儲總量等)變化30%以上,或者其它備案內容發生變化。
9《辦法》第三十一條
10《辦法》第十三條
11《辦法》第二十一條
12《辦法》第三十六條
13《辦法》第十三條
|
|
|
RECOMMENDED ONLINE TRAININGS
|
Online Practical Workshop on Data Protection Law
|
This workshop, to be conducted by experienced lawyers from the PCPD, is for people who are charged with the responsibility in advising on compliance with the PDPO to acquire solid grounding in the application and interpretation of the provisions of the PDPO.
Date: 15 February 2023 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $950/$760*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: solicitors, barristers, in-house legal counsels, data protection officers, compliance officers
|
Online Practical Workshop on Data Protection and Data Access Request
|
There are stringent requirements for compliance with a Data Access Request (DAR) under the PDPO. Organisations may find it challenging to deal with a DAR properly and effectively. This workshop provides practical guidance on issues relating to DAR raised by customers or employees.
Date: 22 February 2023 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: solicitors, data protection officers, administration managers, human resource officers, customer services personnel
|
Other Professional Workshops on Data Protection from Feb to Mar 2023:
|
Online Free Seminar – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming sessions are as below:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles;
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.
The seminar outline is as follows:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Handling of data breach incidents;
- Direct marketing;
- Offences and compensation; and
- Q&A session.
Duration: 1.5 hours
|
Renewal of DPOC’s Membership
|
Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!
Special offer for organisational renewals:
Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$350).
Renew your membership now to keep up-to-date with the latest news and legal developments!
|
The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.
|
|
|
Contact Us
Address: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|