PCPD e-NEWSLETTER
ISSUE Mar 2023
|
|
|
|
PCPD e-NEWSLETTER
ISSUE Mar 2023
|
|
|
|
The Estate Agents Authority and
the Office of the Privacy Commissioner for Personal Data
Jointly Organised an Online Seminar for Estate Agents
|
The EAA Chief Executive Officer Ms Ruby HON (left) and the Privacy Commissioner Ms Ada CHUNG Lai-ling (right)
|
The Estate Agents Authority (EAA) has organised in collaboration with the Office of the Privacy Commissioner for Personal Data (PCPD) a webinar for estate agents on “Protection of Personal Data Privacy for the Estate Agency Sector” on 27 March 2023, which attracted over 300 participants.
This is the first seminar that the EAA and the PCPD co-organised for the estate agency practitioners. Privacy Commissioner Ms Ada CHUNG Lai-ling attended as the keynote speaker of the webinar, together with the Senior Personal Data Officer (Complaints) of the PCPD Ms Terri WU and the Manager (Complaints) of the EAA Ms Christine CHONG to explain the direct marketing regime and the doxxing offences under the Personal Data (Privacy) (Amendment) Ordinance 2021, as well as share the data privacy related cases involving the estate agency sector and good practices of personal data management for the estate agency practitioners.
The EAA Chief Executive Officer Ms Ruby HON said at the welcoming speech of the webinar, “In order to prevent estate agency practitioners from infringing the law by mistake, the EAA and the PCPD co-organise this webinar to strengthen the practitioners’ understanding of the importance of personal data privacy. I hope that, through today’s talk, the practitioners will gain a deeper understanding of the doxxing offences, the regulations on direct marketing, and good practices in managing personal data”.
The Privacy Commissioner Ms Ada CHUNG said, “The PCPD is very pleased to collaborate with the EAA to organise the seminar. I believe that the seminar would provide pertinent information to assist estate agency practitioners in understanding and complying with the requirements of the Personal Data (Privacy) Ordinance (PDPO) and hence enhancing the protection of their clients’ privacy in respect of personal data”.
The webinar is one of the major activities of the EAA’s Continuing and Professional Development Scheme. The EAA expects that the seminar could enhance the practitioners’ understanding of the new doxxing offences and avoid violating the PDPO when conducting estate agency work.
|
Second Sentencing for the New Doxxing Offence
|
The Shatin Magistrates’ Court earlier convicted a 36-year old female, Ms SHAM Chun-kiu (defendant), of 14 charges of the new doxxing offence upon her guilty plea. After considering the relevant report, the court sentenced the defendant to two months of imprisonment on 8 March 2023, suspended for two years.
This is the second sentencing case prosecuted by the PCPD under the new anti-doxxing regime which took effect on 8 October 2021.
Background of the Case
The defendant was an online trader and the victim was her supplier. Their business relationship turned sour because of a monetary dispute. In December 2021, the defendant disclosed the personal data of the victim and her husband in 14 groups on a social media platform, which also contained allegations about fraudulent behaviour. The personal data disclosed included the Chinese names and photos of the victim and her husband, and the phone number of the victim.
The PCPD arrested the defendant on 26 July 2022. Upon legal advice obtained from the Department of Justice, a total of 14 charges were laid against her on 7 December 2022 in respect of the doxxing acts. The defendant pleaded guilty to all charges at the Shatin Magistrates’ Court and was convicted by the Court on 1 February 2023. The conviction relates to her disclosure of the personal data of the victim and her husband in 14 groups on a social media platform between 18 and 19 December 2021 without their consent, with an intent to cause specified harm to them or their family members, or being reckless as to whether specified harm would be (or would likely be) caused to them or their family members, in contravention of section 64(3A) of the PDPO.
Relevant Provisions under the PDPO
Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for 2 years.
According to section 64(6) of the PDPO, specified harm in relation to a person means –
- harassment, molestation, pestering, threat or intimidation to the person;
- bodily harm or psychological harm to the person;
- harm causing the person reasonably to be concerned for the person’s safety or well-being; or
- damage to the property of the person.
|
|
|
Embracing Data Ethics in the Development and Use of Artificial Intelligence
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
An Estate Agent Failed to Comply with the Opt-out Request from a Customer to Cease Using his Personal Data in Direct Marketing
|
|
Protecting Your Personal Data from Malware
|
|
|
A 31-year-old Chinese Male Arrested for a Suspected Doxxing Offence
|
Privacy Commissioner’s Office Urged the Public to Guard against Phishing Websites and Fraudulent SMS Messages
|
Two Men Arrested for Suspected Doxxing Relating to Rental Disputes
|
RECOMMENDED ONLINE TRAININGS
|
Online Professional Workshops
|
Free Online Seminar: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
RENEWAL OF DPOC’S MEMBERSHIP
|
|
Reaching Out to Schools – Privacy Commissioner Attended the “Media and Information Literacy” Education Webinar
|
Celebrating International Women’s Day – Privacy Commissioner Spoke at the Event Entitled “Dare to Dream: A Celebration of Women with Vision”
|
Reaching Out to University – Privacy Commissioner Highlighted Data Privacy Risks in the Cyberworld to University Students
|
Reaching Out to the Community – Privacy Commissioner Interviewed by Metro Finance FM104’s “Viva Counselor”
|
Reaching Out to Information Technology Sector – Head of Compliance Attended the Seminar on “Privacy Risks and Opportunities of Digital Marketing” Organised by Federation of Hong Kong Industries
|
|
Highlights of the “Measures on the Standard Contract for Cross-border Transfers of Personal Information”
《個人信息出境標準合同辦法》的重點
|
EU: EDPB Launches Second Coordinated Enforcement Action on Data Protection Officers
|
UK: ICO Publishes Review of Data Sharing under Digital Economy Act 2017
|
USA: Bill for the Data Care Act Introduced to Senate
|
Canada: Government Updates Overview of Artificial Intelligence and the Artificial Intelligence and Data Act
|
|
|
Embracing Data Ethics in the Development and Use of Artificial Intelligence
Stepping into the era of artificial intelligence (AI), AI applications, including image and speech recognition, chatbots, automated decision-making, and the recently popular AI-generative tools, have been widely adopted in various sectors and transformed every walk of life. AI refers to a family of technologies that involve the use of computer programmes and machines to mimic the problem-solving or decision-making capabilities of human beings. To train algorithms and eventually the model itself, AI requires the collection, use and analysis of massive amounts of data. While AI has enormous potential to boost productivity and economic development, it poses potential threats to privacy and security of personal data.
To strike a balance between the adoption of AI and the protection of personal data privacy, organisations should embrace three fundamental Data Stewardship Values, including:
-
Being Respectful – respect the dignity, autonomy, rights, interests and reasonable expectations of individuals in processing their data;
-
Being Beneficial – provide benefits and minimise harm to stakeholders; and
-
Being Fair – make decisions reasonably without unjust bias or unlawful discrimination.
Organisations are also encouraged to adopt the following Ethical Principles for AI:
- Accountability – organisations should be responsible for what they do and be able to provide sound justifications for their actions;
- Human Oversight – users of AI systems should be able to take informed and autonomous action regarding the recommendations or decisions of the AI systems;
- Transparency and Interpretability – organisations should clearly and prominently disclose their use of AI and the relevant data privacy practices while striving to improve the interpretability of automated and AI-assisted decisions;
- Data Privacy – effective data governance should be put in place to protect individuals’ privacy in the development and use of AI;
- Fairness – individuals are entitled to be treated in a reasonably equal manner, without unjust bias or unlawful discrimination;
- Beneficial AI – AI should provide benefits to human beings, businesses and the wider community; and
- Reliability, Robustness and Security – organisations should ensure that AI systems operate reliably, are resilient to errors and are protected against attacks.
Please view the PCPD’s publication below to learn more on developing and using AI ethically:
Guidance on the Ethical Development and Use of Artificial Intelligence
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
An Estate Agent Failed to Comply with the Opt-out Request from a Customer to Cease Using his Personal Data in Direct Marketing
|
The Complaint
The Complainant provided his full name and mobile phone number to an estate agency when he purchased a property. He subsequently made an opt-out request to the agency and received a confirmation from the agency that his personal data had already been included in its opt-out list and no further direct marketing calls would be made to him. However, the Complainant later received a direct marketing call from an estate agent of the agency asking him if he wished to sell his property.
Outcome
The estate agent was charged with failing to comply with the request from a data subject to cease using his personal data in direct marketing, contrary to section 35G(3) of the Personal Data (Privacy) Ordinance. The estate agent was convicted after trial and fined HK$15,000.
Lessons Learnt
Before calling a customer for direct marketing purposes, a staff member of a company should check the opt-out list maintained by the company. An individual staff member who has failed to check the opt-out list and called the customers on the list for direct marketing may have committed a criminal offence.
Pursuant to section 35G(3) of the PDPO, a data user who receives a customer’s request to cease using his personal data in direct marketing must comply with the request without a charge. Failing to comply with the requirement is a criminal offence, and is punishable by a fine up to HK$500,000 and imprisonment of up to 3 years.
|
Protecting Your Personal Data from Malware
With the increased digitisation of data and interconnection of information and communications technology, cybercriminals employ malicious software (malware) as a major strategy for stealing personal information from internet users. Malware is a collective term for viruses, worms, trojans, keyloggers, zombies, etc. that compromise normal computer functions, steal data, obtain unauthorised access, and launch organised cyberattacks on electronic devices connected to the internet. To protect your personal data against malware, it is important to secure your devices as the first line of defence in your everyday life. Here are some dos and don'ts to follow:
Dos
-
Install the most up-to-date anti-virus packages for your electronics devices and ensure that the signature files are regularly updated according to the software vendor’s recommendations;
-
Turn on the personal firewall feature of your operating system or anti-virus package to control the network traffic to and from your device;
-
Enable and properly configure real-time detection to scan your electronic devices for malware;
-
Check all removable disks and files downloaded from the internet (especially those from an unknown origin) with an anti-malware software before using them;
-
Beware of malware that comes as email or instant message attachments from unknown sources; some malware will disguise themselves as a greeting card or message; and
-
Stop all activities on the electronic devices if they become infected by malware.
Don’ts
-
Don’t install pirated software because most pirated software and their hosting websites contain malware;
-
Don’t visit suspicious websites and execute any attachment in an email or instant message unless you are sure what it will do; and
- Don’t release your file access permissions or personal passwords when connecting to the internet from public computers or Wi-Fi.
|
|
|
Reaching Out to Schools – Privacy Commissioner Attended the “Media and Information Literacy” Education Webinar
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the “Media and Information Literacy” education webinar organised by Sing Tao Daily and gave a presentation to over 260 principals and teachers of primary and secondary schools as well as parents on “Say ‘No’ to Cyberbullying and Doxxing”.
During the webinar, apart from explaining to participants how to handle cyberbullying behaviour, the Privacy Commissioner also highlighted the doxxing offences introduced by the Personal Data (Privacy) (Amendment) Ordinance 2021 and provided some practical advice on how to protect personal data privacy in the use of social media and instant messaging apps.
Please click here for the presentation deck (Chinese only).
|
Celebrating International Women’s Day – Privacy Commissioner Spoke at the Event Entitled “Dare to Dream: A Celebration of Women with Vision”
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the event entitled “Dare to Dream: A Celebration of Women with Vision” on 8 March, the International Women’s Day. She spoke at the panel discussion on “Meet the Visionaries”.
During the discussion, the Privacy Commissioner encouraged women to take steps to realise their dreams and build their careers. She also encouraged organisations to take practical steps to create a friendly working environment for working mothers, so as to enable more women to step into leadership roles and increase the inclusivity and diversity of organisations.
The event was jointly organised by the Association of Women Accountants and the Shenzhen Hong Kong Macau Women Directors Alliance Limited.
|
Reaching Out to University – Privacy Commissioner Highlighted Data Privacy Risks in the Cyberworld to University Students
|
Privacy Commissioner Ms Ada CHUNG Lai-ling highlighted data privacy risks in the cyberworld to university students at a guest lecture organised by the School of Law of the City University of Hong Kong on 28 February.
During the lecture, the Privacy Commissioner gave an overview of the six Data Protection Principles under the PDPO. She then discussed the privacy issues relating to the use of mobile applications and highlighted some recommendations to safeguard personal data privacy in the use of social media. The Privacy Commissioner also elaborated on some criminal offences under the PDPO in relation to online activities, including direct marketing offences and doxxing offences.
Please click here for the Privacy Commissioner’s presentation deck.
|
Reaching Out to the Community – Privacy Commissioner Interviewed by Metro Finance FM104’s “Viva Counselor”
|
Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed by Metro Finance FM104’s “Viva Counselor”.
During the interview, the Privacy Commissioner explained the definition of personal data under the PDPO, and the challenges posed to the protection of personal data privacy as a result of the widespread use of internet. The Privacy Commissioner also introduced the work of the PCPD in the handling of enquiries or complaints from members of the public in relation to suspected personal data fraud cases, and highlighted the enquiries received by the “Personal Data Fraud Prevention Hotline”.
The Privacy Commissioner also elaborated on how the PDPO applied to areas such as the monitoring of the work of domestic helpers, use of CCTV and drones and direct marketing. As regards the new doxxing offences, she explained the definition of “doxxing” and gave an account of the work of the PCPD in combatting doxxing offences.
The interview of the Privacy Commissioner was broadcast from 9:00pm to 9:30pm on four consecutive Mondays (27 February, 6 March, 13 March and 20 March respectively).
Please click here to listen to the audio recording on 27 February (Chinese only).
Please click here to listen to the audio recording on 6 March (Chinese only).
Please click here to listen to the audio recording on 13 March (Chinese only).
Please click here to listen to the audio recording on 20 March (Chinese only).
|
Reaching Out to Information Technology Sector – Head of Compliance Attended the Seminar on “Privacy Risks and Opportunities of Digital Marketing” Organised by Federation of Hong Kong Industries
|
Acting Chief Personal Data Officer (Compliance & Enquiries) of the PCPD Mr Brad KWOK spoke at the seminar on “Privacy Risks and Opportunities of Digital Marketing” on 17 March. The seminar was organised by the Federation of Hong Kong Industries.
Mr Kwok delivered a presentation entitled “Personal Data Privacy in the Digital Marketing World” to introduce the relevant statutory requirements under the PDPO. During the panel discussion, he also discussed various personal data privacy issues relating to consumer online behavioural tracking, information transparency and cyber security with other guest speakers, and shared the latest development and trends in related fields with the participants.
Please click here for the presentation deck.
|
|
|
A 31-year-old Chinese Male Arrested for a Suspected Doxxing Offence
|
The PCPD arrested a Chinese male aged 31 in Kowloon on 24 March 2023. He was suspected to have disclosed the personal data of a data subject without his consent, in contravention of section 64(3A) of the PDPO.
The investigation revealed that the victim and the arrested person once were intimate friends. Their relationship turned sour in early 2022. Thereafter, a total of four posts containing the victim’s personal data, some with negative comments on the victim, were published on two social media platforms between July and December 2022. The personal data disclosed included the victim’s Chinese name, English name, Hong Kong Identity Card (HKID card) number, mobile phone number, gender, age, photos, medical report and a partly redacted copy of the victim’s HKID card.
The PCPD reminds members of the public that doxxing is a serious offence. An offender is liable on conviction to a fine up to $1,000,000 and imprisonment for 5 years. The PDPO applies equally to the online world. To avoid breaking the law, members of the public should think twice before publishing or forwarding any doxxing messages on the internet or social media platforms.
Relevant Provisions under the PDPO
Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for 2 years.
Pursuant to section 64(3C) of the PDPO, a person commits an offence if –
- the person discloses any personal data of a data subject without the relevant consent of the data subject –
-
with an intent to cause any specified harm to the data subject or any family member of the data subject; or
-
being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject; and
-
the disclosure causes any specified harm to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3C) is liable on conviction on indictment to a fine of $1,000,000 and imprisonment for 5 years.
According to section 64(6) of the PDPO, specified harm in relation to a person means –
- harassment, molestation, pestering, threat or intimidation to the person;
- bodily harm or psychological harm to the person;
- harm causing the person reasonably to be concerned for the person’s safety or well-being; or
- damage to the property of the person.
|
The PCPD Urged the Public to Guard against Phishing Websites and Fraudulent SMS Messages
|
As the society resumes normalcy, many citizens have begun to travel abroad. The PCPD noted recent reports on a phishing website which claimed to provide submission service of electronic entry permit applications to a foreign government, with a view to swindling personal data, including credit card information, and money out of citizens in the process of declaring health conditions. In addition, the PCPD noted that some members of the public had recently received SMS messages allegedly issued by the HKeToll and several membership reward schemes (including CMHK MyLink, HKT The Club, MoneyBack, SmarTone, yuu), falsely claiming, respectively, that they could access the HKeToll website or there were reward points that were about to expire, thereby inducing citizens to click on the embedded hyperlinks that were used to obtain citizens’ personal data, including credit card information, and money.
In this regard, Privacy Commissioner Ms Ada CHUNG Lai-ling reminds members of the public to be cautious of phishing websites and fraudulent SMS messages. The Privacy Commissioner offers five tips to safeguard personal data privacy:
- Be vigilant: If there is a website or SMS message that solicits your personal data, including your name, Hong Kong Identity Card number, or even bank account or credit card number, you should think twice, find out the purpose of collection of such data and whether it is mandatory to provide it. Do not click on hyperlinks in unknown SMS messages, emails or webpages, and avoid visiting any suspicious websites or downloading attachments therein;
- Visit official websites: Governments of other jurisdictions will publish details regarding entry requirements on their official websites. Members of the public should visit the official websites directly for reliable information when they apply for entry permits. Similarly, the HKeToll and membership reward schemes will also provide the official login channels on their official websites or mobile apps. If you are in doubt about the authenticity of any SMS message, do not click on the link in the suspicious message. Instead, visit the official websites or mobile apps directly to ascertain the particulars of the HKeToll or login to your account to check your reward points or expiry dates;
- Keep an eye on your accounts and transactions: Monitor your online banking accounts or membership reward schemes’ accounts from time to time, watch out for any unusual login records of your accounts and personal emails, and pay attention to any unauthorised transfers or transactions in your bank accounts or credit card accounts;
- Protect your passwords: Change the passwords of the accounts of your membership reward schemes from time to time and activate the two-factor authentication feature (if any), and never disclose passwords to anyone; and
- Fraud prevention information: Pay attention to fraud prevention messages published by the PCPD, the Police or relevant organisations to guard against phishing websites or fraudulent SMS messages.
The PCPD has already set up a “Personal Data Fraud Prevention Hotline” 3423 6611. Members of the public are welcome to call the hotline to make enquiries or complaints if they encounter any suspected data scam.
|
Two Men Arrested for Suspected Doxxing Relating to Rental Disputes
|
The PCPD arrested two men on Hong Kong Island on 9 March 2023. They were respectively suspected to have disclosed the personal data of another person without the data subject’s consent, in contravention of section 64(3A) of the PDPO.
The investigation of the first case revealed that the arrested person (aged 40) leased a residential unit to the victim in July 2022. Subsequently, rental disputes arose between the parties. In September 2022, the tenancy was terminated and the victim moved out of the unit. Shortly afterwards, the personal data of the victim was posted in a group on a social media platform (the Group) on two occasions in September 2022 with negative comments on the victim. The personal data of the victim, including his English name (with one alphabet redacted), Chinese surname, partial Hong Kong Identity Card (HKID card) number, workplace and the name of his employer, were disclosed.
In the second case, the arrested person (aged 42) leased a residential unit to another victim in December 2021. The victim later moved out of the said unit in January 2023 because of rental disputes between the parties. The victim later discovered that her personal data was posted in the Group on four occasions between November 2022 and February 2023 with negative comments on her. The personal data of the victim, including her Chinese and English names, partial HKID card number, date of birth and occupation, were disclosed.
|
Highlights of the “Measures on the Standard Contract for Cross-border Transfers of Personal Information”
《個人信息出境標準合同辦法》的重點
|
The Measures on the Standard Contract for Cross-border Transfers of Personal Information (the Measures) was promulgated by the Cyberspace Administration of China (CAC) on 24 February 2023. The Measures, which consists of 13 provisions and a template standard contract, is drafted pursuant to legislations and regulations including the Personal Information Protection Law (PIPL) and aims at providing further guidance to personal information processors in relation to the transfers of personal information out of the Mainland as prescribed by Article 38(3) of the PIPL. The Measures will come into effect on 1 June 2023. This article provides an overview of the Measures.
為進一步保護個人信息權益和規範個人信息出境活動,國家互聯網信息辦公室 於2023年2月24日發布《個人信息出境標準合同辦法》 (《標準合同辦法》) 1。《標準合同辦法》共有十三條規定,並附有個人信息出境標準合同的範本,規定個人信息處理者如根據《個人信息保護法》第三十八條第(三)項,透過與境外接收方訂立合同以向境外提供個人信息,便須按照《標準合同辦法》的規定訂立個人信息出境標準合同(標準合同)。《標準合同辦法》將於2023年6月1日起實施,重點如下:
適用情況
《標準合同辦法》列明個人信息處理者如同時符合下列情況,可以通過訂立標準合同的方式向境外提供個人信息2:
- 非關鍵信息基礎設施運營者;
- 處理個人信息未滿一百萬人的;
- 自上年1月1日起累計向境外提供個人信息不滿十萬人的;
- 自上年1月1日起累計向境外提供敏感個人信息不滿一萬人的。
《標準合同辦法》的重點要求
根據《標準合同辦法》,個人信息處理者應當嚴格按照標準合同範本訂立3,於向境外提供個人信息前開展個人信息保護影響評估4,並將評估報告連同標準合同於合同生效日起計10個工作天內向所在地省級網信部門備案5。標準合同生效後方可開展個人信息出境活動6。
此外,《標準合同辦法》清楚指明個人信息處理者不得採取數量拆分等手段,將依法應當通過出境安全評估的個人信息通過訂立標準合同的方式向境外提供7。
標準合同
標準合同範本的內容涵蓋個人信息處理者和境外接收方的義務8、境外接收方所在地的個人信息保護政策和法規對合同履行的影響9、個人信息主體的權利10、個人信息主體尋求救濟的方式11、違約責任12等。個人信息處理者和境外接收方亦可按需要加入其他條款,但不得與標準合同相衝突。
個人信息保護影響評估
《標準合同辦法》列明個人信息保護影響評估的重點評估內容如下13︰
- 個人信息處理者和境外接收方處理個人信息的目的、範圍、方式等的合法性、正當性、必要性;
- 出境個人信息的規模、範圍、種類、敏感程度,個人信息出境可能對個人信息權益帶來的風險;
- 境外接收方承諾承擔的義務,以及履行義務的管理和技術措施、能力等能否保障出境個人信息的安全;
- 個人信息出境後遭到篡改、破壞、洩露、丟失、非法利用等的風險,個人信息權益維護的渠道是否通暢等;
- 境外接收方所在國家或者地區的個人信息保護政策和法規對標準合同履行的影響;
- 其他可能影響個人信息出境安全的事項。
在標準合同有效期內出現下列情形之一的,個人信息處理者應當重新開展個人信息保護影響評估,補充或者重新訂立標準合同,並履行相應備案手續14:
- 向境外提供個人信息的目的、範圍、種類、敏感程度、方式、保存地點或者境外接收方處理個人信息的用途、方式發生變化,或者延長個人信息境外保存期限的;
- 境外接收方所在國家或者地區的個人信息保護政策和法規發生變化等可能影響個人信息權益的;
- 可能影響個人信息權益的其他情形。
總結
總括而言,《標準合同辦法》為個人信息處理者透過與境外接收方訂立合同的個人信息跨境方式提供了落地藍本,明確地規管個人信息處理者和境外接收方的義務。有關個人信息處理者和境外接收方宜密切留意《標準合同辦法》的最新要求,如在《標準合同辦法》實施前(即2023年6月1日前)已經開展個人信息出境活動但不符合有關規定,應在《標準合同辦法》實施之日起6個月內(即2023年11月30日前)完成整改15。
1 全文:http://www.cac.gov.cn/2023-02/24/c_1678884830036813.htm
2《標準合同辦法》第四條
3《標準合同辦法》第六條
4《標準合同辦法》第五條
5《標準合同辦法》第七條
6《標準合同辦法》第六條
7《標準合同辦法》第四條
8 標準合同範本第二及第三條
9 標準合同範本第四條
10 標準合同範本第五條
11 標準合同範本第六條
12 標準合同範本第八條
13《標準合同辦法》第五條
14《標準合同辦法》第八條
15《標準合同辦法》第十三條
|
|
|
RECOMMENDED ONLINE TRAININGS
|
Online Practical Workshop on Data Protection in Property Management Practices
|
This workshop is designed for property management practitioners who wish to learn how to comply with the requirements under the PDPO and address data protection compliance challenges when engaging in property management practices that involve collecting personal data of flat owners, residents, visitors, car park users and others.
Date: 19 April 2023 (Wednesday)
Time: 2:15pm – 4:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: property management personnel, data protection officers, compliance officers, solicitors
|
Practical Workshop on Data Protection in Insurance (Online and Face-to-face)
|
This workshop is designed for insurance practitioners who wish to acquire knowledge of protecting customers’ personal data in their daily operations. It will examine core concepts of data protection compliance, illustrating various scenarios in the industry operations to highlight potential issues and the solutions in relation to the protection of personal data privacy.
Date: 26 April 2023 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: insurance practitioners, data protection officers, compliance officers, solicitors, advisers and other personnel undertaking work relating to the insurance industry
|
Other Professional Workshops on Data Protection from May to June 2023:
|
Online Free Seminar – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and understanding of the PDPO. Details of the upcoming sessions are as below:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles;
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.
The seminar outline is as follows:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Handling of data breach incidents;
- Direct marketing;
- Offences and compensation; and
- Q&A session.
Duration: 1.5 hours
|
Renewal of DPOC’s Membership
|
Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!
Special Offer for Organisational Renewals:
Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$350).
Renew your membership now to keep up-to-date with the latest news and legal developments!
|
The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.
|
|
|
Contact Us
Address: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|