PCPD e-NEWSLETTER
ISSUE Apr 2023
|
|
|
|
PCPD e-NEWSLETTER
ISSUE Apr 2023
|
|
|
|
Privacy Commissioner for Personal Data, Hong Kong, Visits the Office for Personal Data Protection, Macao, to Strengthen Ties and Foster Collaboration
|
Hong Kong’s Privacy Commissioner for Personal Data, Ms Ada CHUNG Lai-ling (left), and Head of the Office for Personal Data Protection, Macao, Mr Ken YEUNG (right), held a meeting in Macao on 24 April
|
The Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) and the Office for Personal Data Protection, Macao (GPDP) held discussion on various data protection issues including the enforcement work conducted by the two offices, cross-border transfers of personal data and stronger collaboration in the development of the Guangdong-Hong Kong-Macao Greater Bay Area (Greater Bay Area). Hong Kong’s Privacy Commissioner for Personal Data (Privacy Commissioner) Ms Ada CHUNG Lai-ling said “The PCPD is grateful for the hospitality of the GPDP. The two data protection authorities have been implementing the requirements of their respective data protection laws and striving to enforce the laws to better protect the personal data privacy of citizens. Hong Kong and Macao, being Special Administrative Regions (SARs) of the country are uniquely positioned in the Greater Bay Area. With the promulgation of the Outline Development Plan for the Guangdong-Hong Kong-Macao Greater Bay Area, the PCPD would foster its collaboration with the GPDP to contribute to the development of the Greater Bay Area.” Head of the Macao GPDP, Mr Ken YEUNG, said, “The GPDP welcomes the visit of the Privacy Commissioner and her delegation for exchanging views and experiences. Both Hong Kong and Macao have very mature personal data protection regimes and the two offices have long supported, collaborated and cooperated with each other. With the country’s gradual strengthening of the legislation on personal data protection, the two data protection authorities will further foster their existing cooperation under the “One Country, Two Systems” regime, and make greater contribution to the country and the two SARs’ work on personal data protection, as well as the high-quality development of the society.” The Privacy Commissioner also visited the Public Security Police Force of Macao in the morning. In the afternoon, the Privacy Commissioner visited the Polícia Judiciária and its Cybersecurity Incident Alert and Response Centre to learn more about their cybersecurity and criminal investigation work in relation to personal data protection. The Privacy Commissioner also exchanged views with the GPDP on how the anti-doxxing regime was implemented in Hong Kong since the enactment of the Personal Data (Privacy) Amendment Ordinance 2021.
|
Privacy Commissioner Publishes an Article Entitled “Tech Firms Need to Develop AI Ethically and Responsibly”
|
Privacy Commissioner Ms Ada CHUNG Lai-ling published an article entitled “Tech Firms Need to Develop AI Ethically and Responsibly”.
The Privacy Commissioner pointed out that with the rise of Artificial Intelligence (AI), and in particular, the popularity of Generative AI-powered chatbots, tech companies have a duty to review and critically assess the implications of their AI systems on data privacy and ethics, and ensure that laws and guidelines are adhered to.
The PCPD published the “Guidance on the Ethical Development and Use of Artificial Intelligence” earlier to provide organisations with recommended internationally recognised ethical AI principles to facilitate their compliance with the requirements of the Personal Data (Privacy) Ordinance (PDPO) and mitigate the relevant privacy and ethical risks.
The article was published in HK01, Hong Kong Economic Journal, Hong Kong Economic Times, Ming Pao, Sing Tao Daily, South China Morning Post and Ta Kung Pao on 17 April.
Please click here to read the article in Chinese.
Please click here to read the article in English.
|
Privacy Commissioner’s Office Receives Third Consecutive Recognition as “Manpower Developer”
|
The PCPD has been awarded for the third time by the Employees Retraining Board (ERB) as a “Manpower Developer”. The award gives a boost to the PCPD’s commitment to manpower training and development.
The PCPD has been awarded for three consecutive terms as a “Manpower Developer” since 2018. The current award will last until 31 March 2025.
Privacy Commissioner Ms Ada CHUNG Lai-ling is delighted to share the award with her team and thanked the ERB for recognising the work of the PCPD in manpower training and development. The Privacy Commissioner said “in the face of the changes to the protection of personal data privacy brought about by the development of big data, artificial intelligence and digitisation, I am pleased that my colleagues are upholding the mission of protecting personal data privacy in a fair, impartial and professional manner. Looking ahead, the PCPD will continue to provide a pleasant working environment with proper training and development for our staff to rise to the increasing challenges and opportunities in future.”
|
|
|
What is a Personal Information Collection Statement?
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
A Company Charged a Data Access Request Fee Notwithstanding that it Did Not Hold the Requested Data
|
|
Safe Surfing Online – Protect Yourself from Flash Phishing Attacks
|
|
|
A 27-year-old Chinese Female Arrested for a Suspected Doxxing Offence
|
RECOMMENDED ONLINE TRAININGS
|
Webinar for Parents: Prevention and Handling of Cyberbullying and Doxxing Behaviour involving Students
|
Online Professional Workshops
|
Free Online Seminar: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
RENEWAL OF DPOC’S MEMBERSHIP
|
|
Reaching Out to the Community – Privacy Commissioner Interviewed by RTHK TV 32’s “Hong Kong United”
|
Fostering a Smarter Future – Privacy Commissioner Attends the 2023 Digital Economy Summit
|
Secretary for Constitutional and Mainland Affairs and Privacy Commissioner Attend Special Meeting of the Legislative Council Finance Committee
|
Telling the World a Good Hong Kong Story – Assistant Privacy Commissioner Attends the IAPP Global Privacy Summit 2023
|
Reaching Out to the Community – Assistant Privacy Commissioner Interviewed by Now News’ “Now Report”
|
Reaching Out to Social Welfare Sector – PCPD Officer Speaks at the Information Technology Security Seminar
|
|
Release of the “Draft Measures for the Management of the Services by Generative AI” 《生成式人工智能服務管理辦法(徵求意見稿)》之發布
|
EU: EDPB Publishes Guidelines on Personal Data Breach Notification under GDPR
|
EU: EDPB Resolves Dispute on Data Transfers by Meta, Creates ChatGPT Task Force
|
California: CPPA Publishes Finalised Revised CCPA Regulations
|
UK: ICO Issues Guidance for Developers and Users of Generative AI
|
|
|
What is a Personal Information Collection Statement?
Have you clearly informed your customers or clients of the purpose of collecting their personal data and how you will use it? This is an important question to all organisations (as data users) if their daily operations involve the collection or handling of the personal data of the individuals (as data subjects) for certain purposes. To comply with the notification requirements under Data Protection Principle 1(3) of the PDPO, a Personal Information Collection Statement (PICS) should be provided to a data subject by a data user on or before collecting individuals’ personal information. The statement should contain the following information:
-
A purpose statement for which personal data will be used;
-
The classes of persons to whom the personal data may be transferred or disclosed;
-
Whether it is obligatory or voluntary for the individual to supply his personal data; and where it is obligatory, the consequences of failing to supply it;
-
The right of the data subject to request access to and correction of his personal data; and
-
The contact details of the officer who will handle relevant data access or correction requests.
In addition to the above content, the PICs should be presented in a readable and understandable manner. Check out the useful tips below to build an effective PICS to communicate with your clients:
- Be specific – the purposes stated in the PICS should not be too vague or wide in scope. The class of transferees should be clearly defined;
-
Be easily readable – the layout and presentation (including font size, spacing, underling, use of headings, etc.) of the PICS should be easy to read by customers with normal eyesight. You may present the PICs in a conspicuous manner, such as in a stand-alone notice or section; and
-
Use reader-friendly language – use simple language and avoid using difficult terms.
Please view the PCPD’s publication below to learn more on preparing an effective PICs:
Guidance on Preparing Personal Information Collection Statement and Privacy Policy Statement
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
A Company Charged a Data Access Request Fee Notwithstanding that it Did Not Hold the Requested Data
|
The Complaint
The complainant was a former employee of a company. After leaving the company, he made a data access request (DAR) to the company for the following records from his personnel file:
- Complaints made against him by customers or suppliers;
- Breaches of the employment contract or warnings sent to him by the company; and
- The record of the termination of his employment due to his breach of the Employment Ordinance (Cap 57).
In its reply to the DAR, the company requested a DAR fee of HK$906.5 (the Fee). Nonetheless, upon further enquiry, the complainant was informed that the company did not hold the requested data. He therefore lodged a complaint with the PCPD against the company for imposing the Fee on him.
Outcome
Section 28 of the PDPO states that a data user may impose a fee for complying with a DAR, which should not be excessive. This only applies when the data user complies with the DAR by providing the requestor with a copy of the requested personal data.
The company confirmed to the PCPD that it did not hold the data requested by the complainant. The PCPD thus assessed that the company could not charge the complainant the Fee for complying with the DAR. After the PCPD explained the requirements under the PDPO to the company, the company sent a written reply to the complainant confirming that it did not hold the requested data, and did not request payment of the Fee. As the PCPD had found that the imposition of the Fee in the present case did not comply with the requirements of the PDPO, the PCPD issued a warning to the company, urging it to comply with the relevant requirements under the PDPO when handling data access requests in the future.
Lessons Learnt
The PDPO allows a data user to impose a non-excessive fee for complying with a DAR. However, the imposition of a fee is not allowed in situations where the data user does not hold the requested data. If data users do not hold the requested data, they are required to inform the requestor in writing within the 40-day time limit.
|
Safe Surfing Online – Protect Yourself from Flash Phishing Attacks
The digitalisation of services, in both the public and private sectors, offers tremendous convenience to citizens. However, before submitting your personal information onto e-platforms, have you stayed vigilant to identify whether it is an “official website” or a “phishing website”?
Recently, it is noticeable that cybercriminals have been using a new tactic to steal the personal information and use it in financial fraud, which is called “flash phishing attacks”.
Under flash phishing attacks, cybercriminals first continuously register different domain names targeted at specific organisations. They then launch fake websites using the registered domains and send phishing messages with a link to internet users through different channels (such as email, SMS, Instant Message, etc,.). After a few days of attack, the cybercriminals will deregister those fake domain names and relaunch a new round of attacks with another set of domain names. These phishing websites could then easily evade from investigations and blacklisting due to a short lifespan.
To avoid taking the bait of being a victim of the flash phishing attack, you may identify three common types of fake domain names of phishing websites:
- Append random characters to the legitimate domain name;
- Substitute a similar character or repeat an original character of the legitimate domain name; and
- Use another top-level domain.
The following are also some pieces of advice for internet users to safeguard their personal data when surfing the internet:
- Pay attention to the spelling of domain names of websites and check their authority;
- Do not assume a website that uses HTTPS is a legitimate site;
- Verify any messages received, especially for users of mobile devices;
- Do not click any links or open any attachment casually; and
- Verify the legitimacy of a website before providing personal information.
|
|
|
Reaching Out to the Community – Privacy Commissioner Interviewed by RTHK TV 32’s “Hong Kong United”
|
Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed by RTHK TV 32’s “Hong Kong United” earlier about the personal data privacy issues involved in generative artificial intelligence (AI)-powered chatbots, like ChatGPT. During the interview, the Privacy Commissioner said that the operation and training of AI often involves the use of raw data or information, which may contain personal data. The Privacy Commissioner reminded the public to be vigilant and avoid disclosing their personal data or other people’s personal data during conversations when using chatbots; they should read the privacy policy of the service carefully before registering to use chatbots to understand how their data would be collected and used; they should also install and use chatbots through official websites or app stores. In addition, in August 2021, the PCPD issued the “Guidance on the Ethical Development and Use of Artificial Intelligence”, which set out internationally recognised ethical AI principles. Other than complying with the requirements of the PDPO when they develop and use AI systems, organisations should also comply with these principles to mitigate the privacy and ethical risks involved. Please click here to view the interview broadcast on 25 April (Chinese only).
|
Fostering a Smarter Future – Privacy Commissioner Attends the 2023 Digital Economy Summit
|
Privacy Commissioner Ms Ada CHUNG Lai-ling and Assistant Privacy Commissioner for Personal Data (Legal, Global Affairs & Research) Ms Cecilia SIU attended the 2023 Digital Economy Summit jointly organised by the HKSAR Government and Cyberport on 13 and 14 April.
The summit gathered world-renowned tech visionaries to discuss and exchange their views on the latest trends in smart city developments, data innovation, FinTech, Web3, AI & big data, etc. Topics on how smart city technologies will empower economies and help accelerate the formation of digital societies were also discussed.
|
Secretary for Constitutional and Mainland Affairs and Privacy Commissioner Attend Special Meeting of the Legislative Council Finance Committee
|
Mr Erick TSANG Kwok-wai, GBS, IDSM, JP, Secretary for Constitutional and Mainland Affairs, attended a special meeting of the Legislative Council Finance Committee on 12 April to introduce the estimated expenditure for the Constitutional and Mainland Affairs Bureau for 2023-24. Privacy Commissioner Ms Ada CHUNG Lai-ling also attended the meeting to answer questions raised by Legislative Council members. Please click here for the opening remarks of the Secretary for Constitutional and Mainland Affairs (in Chinese only).
|
Telling the World a Good Hong Kong Story – Assistant Privacy Commissioner Attends the IAPP Global Privacy Summit 2023
|
Assistant Privacy Commissioner for Personal Data (Legal, Global Affairs & Research) Ms Cecilia SIU and Legal Counsel of the PCPD Ms Clemence WONG attended the “IAPP Global Privacy Summit 2023” organised by the International Association of Privacy Professionals (IAPP) in Washington DC, the United States, from 2 to 5 April.
The conference was joined by about 5000 representatives from data protection authorities and privacy professionals all over the globe to discuss and exchange their views on the latest developments in the protection of personal data. Topics range from legislative updates, artificial intelligence, children’s privacy, international data transfers, health care privacy to online advertising, etc.
|
Reaching Out to the Community – Assistant Privacy Commissioner Interviewed by Now News’ “Now Report”
|
Assistant Privacy Commissioner for Personal Data (Legal, Global Affairs & Research) Ms Cecilia SIU was interviewed by Now News’ “Now Report” to explain the requirements of the PDPO in relation to the protection of children privacy. During the interview, Ms Siu noted that in recent years some parents have created social media accounts or personal pages for their children, primarily to record their children’s growth for recollection. Ms Siu pointed out that parents’ posting of photos and/or videos of their children’s daily lives on social media platforms may involve the disclosure of the children’s personal data. Ms Siu also suggested that parents can choose to upload videos or photos of their children’s everyday life without disclosing their appearance and/or features (e.g. taking pictures of children’s back/side or covering children’s appearance and/or features with emojis). This will enable the recording of children’s growth while protecting their personal data privacy.
The interview, which was broadcast on 2 April, can be viewed here (first part, second part) (Chinese only).
|
Reaching Out to Social Welfare Sector – PCPD Officer Speaks at the Information Technology Security Seminar
|
Personal Data Officer (Information Technology) of the PCPD Mr Tamson TAM spoke at the Information Technology Security Seminar organised by the Information Technology Resource Centre of the Hong Kong Council of Social Service on 28 March, during which he gave an overview of the “Guidance Note on Data Security Measures for Information and Communications Technology” issued by the PCPD to the participants.
Please click here for the presentation deck (Chinese Only).
|
|
|
A 27-year-old Chinese Female Arrested for a Suspected Doxxing Offence
|
The PCPD arrested a Chinese female aged 27 in Kowloon on 19 April. She was suspected to have disclosed the personal data of a data subject without consent, in contravention of section 64(3A) of the PDPO.
The investigation revealed that the arrested person was a close friend of the victim’s exgirlfriend (ex-girlfriend). She got acquainted with the victim through the ex-girlfriend in February 2022. In July 2022, the victim broke up with his ex-girlfriend. Thereafter, a post containing the victim’s personal data with negative comments on the victim was found on a social media platform in July 2022. The personal data disclosed included the victim’s Chinese name, company and residential addresses, mobile phone number, social media account name and photos.
The PCPD reminds members of the public that doxxing is a serious offence. An offender is liable on conviction to a fine up to $1,000,000 and imprisonment for 5 years. The PDPO applies equally to the online world. To avoid breaking the law, members of the public should think twice before publishing or forwarding any doxxing messages on the internet or social media platforms.
Relevant provisions under the PDPO
Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3A) is liable on conviction to a fine of $100,000 and imprisonment for 2 years.
Pursuant to section 64(3C) of the PDPO, a person commits an offence if –
- the person discloses any personal data of a data subject without the relevant consent of the data subject –
- with an intent to cause any specified harm to the data subject or any family member of the data subject; or
- being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject; and
- the disclosure causes any specified harm to the data subject or any family member of the data subject.
A person who commits an offence under section 64(3C) is liable on conviction on indictment to a fine of $1,000,000 and imprisonment for 5 years.
According to section 64(6) of the PDPO, specified harm in relation to a person means –
- harassment, molestation, pestering, threat or intimidation to the person;
- bodily harm or psychological harm to the person;
- harm causing the person reasonably to be concerned for the person’s safety or wellbeing; or
- damage to the property of the person.
|
Release of the “Draft Measures for the Management of the Services by Generative AI” 《生成式人工智能服務管理辦法(徵求意見稿)》之發布
|
On 11 April 2023, the Cyberspace Administration of China (CAC) issued the “Draft Measures for the Management of the Services by Generative AI” (the Draft Measures)1 for public consultation. The Draft Measures sets out the key requirements with which providers of Generative AI products and services are expected to comply. The consultation period will last till 10 May 2023 and this article provides an overview of the Draft Measures.
為促進生成式人工智能技術的健康發展和規範其應用,國家互聯網信息辦公室於2023年4月11日發布《生成式人工智能服務管理辦法(徵求意見稿)》 (《徵求意見稿》),並歡迎社會各界人士提出意見。《徵求意見稿》的意見反饋截止日期為2023年5月10日,重點如下:
規管對象及適用情況
《徵求意見稿》適用於在境內研發、利用生成式人工智能產品,向境內公眾提供服務的提供者2。「生成式人工智能」是指基於算法、模型、規則生成文本、圖片、聲音、視頻、代碼等內容的技術3。
《徵求意見稿》的重點内容
根據《徵求意見稿》,提供者應當遵守國内法律法規的要求,尊重社會公德、公序良俗,並須符合相關要求4,包括:
- 利用生成式人工智能生成的內容體現社會主義核心價值觀,不得含有顛覆國家政權、推翻社會主義制度,煽動分裂國家、破壞國家統一,宣揚恐怖主義、極端主義,宣揚民族仇恨、民族歧視,暴力、淫穢色情信息,虛假信息,以及可能擾亂經濟秩序和社會秩序的內容;
- 在算法設計、訓練數據選擇、模型生成和優化、提供服務等過程中,提供者須採取措施防止出現種族、民族、信仰、國別、地域、性別、年齡、職業等歧視;
- 利用生成式人工智能生成的內容應當真實準確,採取措施防止生成虛假信息;及
- 尊重他人合法利益,防止傷害他人身心健康,損害肖像權、名譽權和個人隱私,侵犯知識產權。禁止非法獲取、披露、利用個人信息和隱私、商業秘密。
值得注意的是,《徵求意見稿》要求利用生成式人工智能產品的有關提供者在向公眾提供服務前,應按照《具有輿論屬性或社會動員能力的互聯網信息服務安全評估規定》5向國家網信部門申報安全評估,並按照《互聯網信息服務算法推薦管理規定》6履行算法備案和變更、注銷備案手續7。
《徵求意見稿》特別提到提供者應當對生成式人工智能產品的預訓練數據或優化訓練數據來源的合法性負責8。用於生成式人工智能產品的預訓練或優化訓練之數據,應滿足以下要求:
- 符合《網絡安全法》等法律法規的要求;
- 不含有侵犯知識產權的內容;
- 數據包含個人信息的,應當征得個人信息主體同意或者符合法律、行政法規規定的其他情形;
- 能夠保證數據的真實性、準確性、客觀性、多樣性;
- 國家網信部門關於生成式人工智能服務的其他監管要求。
《徵求意見稿》的其他重點内容包括:
- 提供者須按照《網絡安全法》9的規定,要求用戶提供真實身份信息10;
- 對於運行中發現、用戶舉報的不符合《徵求意見稿》要求的生成內容,提供者除採取內容過濾等措施外,應在3個月內通過模型優化訓練等方式防止再次生成11;和
- 提供者應當按照《互聯網信息服務深度合成管理規定》12對生成的圖片、視頻等內容進行標識13。
另外,網信部門和有關主管部門若發現提供者違反《徵求意見稿》的規定,將可按照《數據安全法》、《網絡安全法》和《個人信息保護法》14等法律、行政法規予以處罰。法律、行政法規沒有規定的,網信部門和有關主管部門可依據職責給予警告、通報批評,責令限期改正;拒不改正或者情節嚴重的,責令暫停或者終止其利用生成式人工智能提供服務,並處一萬元以上十萬元以下罰款15。
總結
總括而言,《徵求意見稿》就目前生成式人工智能服務和技術的最新發展,對服務提供者提出了詳盡的規定和義務。《徵求意見稿》與2023年1月實施的《互聯網信息服務深度合成管理規定》互相呼應,體現了國內相當重視對當前急速發展的人工智能科技及產業的監管。《徵求意見稿》亦與《個人信息保護法》、《中華人民共和國網絡安全法》和《中華人民共和國數據安全法》等法律法規密切相關,突顯出研發及使用生成式人工智能時合法地使用個人資料和數據至關重要。
1 全文:http://www.cac.gov.cn/2023-04/11/c_1682854275475410.htm
2 根據《徵求意見稿》第五條,「提供者」是指利用生成式人工智能產品提供聊天和文本、圖像、聲音生成等服務的組織和個人。
3《徵求意見稿》第二條
4《徵求意見稿》第四條
5《具有輿論屬性或社會動員能力的互聯網信息服務安全評估規定》全文:
http://www.gov.cn/zhengce/zhengceku/2018-11/30/content_5457763.htm
6《互聯網信息服務算法推薦管理規定》全文:http://www.cac.gov.cn/2022-01/04/c_1642894606364259.htm
7《徵求意見稿》第六條
8《徵求意見稿》第七條
9《網絡安全法》全文:http://www.gov.cn/xinwen/2016-11/07/content_5129723.htm
10《徵求意見稿》第九條
11《徵求意見稿》第十五條
12 《互聯網信息服務深度合成管理規定》全文:
http://www.gov.cn/zhengce/zhengceku/2022-12/12/content_5731431.htm
13《徵求意見稿》第十六條
14 《個人信息保護法》 全文:
http://www.npc.gov.cn/npc/c30834/202108/a8c4e3672c74491a80b53a172bb753fe.shtml
15《徵求意見稿》第二十條
|
|
|
RECOMMENDED ONLINE TRAININGS
|
Webinar for Parents: Prevention and Handling of Cyberbullying and Doxxing Behaviour involving Students
|
As technological advancement is rapidly changing the world, online activities have become an indispensable part of students’ daily lives. However, cyberbullying and “doxxing” acts occur from time to time. As the guardians of their children, how can parents prevent their kids from being bullied or “doxxed” online? What can parents do to provide support and counselling to their children if they become victims of cyberbullying and doxxing?
In this webinar, Privacy Commissioner Ms Ada CHUNG Lai-ling will explain the serious consequences of cyberbullying and “doxxing” behaviour. Speakers from the education and social work sectors will also share their experience in the prevention and handling of children’s cyberbullying behaviour, with a view to helping participants in teaching their children to say “No” to cyberbullying and “doxxing”.
Date: 5 May 2023 (Friday)
Time: 6:00 – 7:30 pm
Language: Cantonese
Who should attend: Parents and other interested parties
|
Professional Workshop on Data Protection in Banking / Financial Services
|
With the rapid development and extensive use of fintech in recent years, practitioners of the banking and financial industry may face different data privacy issues in their business operations. It is necessary for the industry practitioners to have a clear understanding of the requirements under the PDPO. This workshop examines the risks of handling personal data in the daily operation of banking and financial services organisations, and provides practical advice on how to deal with these issues effectively.
Date: 10 May 2023 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: Data protection officers, compliance officers, company secretaries, solicitors, advisers and other personnel undertaking work relating to the banking / financial industry.
|
Professional Workshop on Data Protection and Data Access Request
|
Receiving Data Access Requests (DAR) is a frequent occurrence for many organisations, from job applicants requesting recruitment agencies to provide copies of information relating to their unsuccessful applications, to employees requesting employers for copies of their previous appraisal reports. Handling DAR properly, effectively and in a timely manner poses a challenge to many organisations. This workshop will examine in detail the compliance requirements for handling DAR under the PDPO and offer practical guidance to participants on handling DAR.
Date: 17 May 2023 (Wednesday)
Time: 2:15pm – 5:15pm
Fee: $750/$600*
(*Members of the DPOC and the supporting organisations may enjoy the discounted fee)
Language: Cantonese
Who should attend: Data protection officers, compliance officers, company secretaries, administration managers, IT managers, solicitors, database managers and marketing professionals
|
Other Professional Workshops on Data Protection from May to June 2023:
|
Online Free Seminar – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming sessions are as below:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles;
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.
The seminar outline is as follows:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Handling of data breach incidents;
- Direct marketing;
- Offences and compensation; and
- Q&A session.
Duration: 1.5 hours
|
Renewal of DPOC’s Membership
|
Renew your DPOC membership today and continue to enjoy privileged access to course enrolments throughout the year!
Special offer for organisational renewals:
Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$350).
Renew your membership now to keep up-to-date with the latest news and legal developments!
|
The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.
|
|
|
Contact Us
Address: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|