Professional Workshops on Data Protection May and June 2018

Similar documents
Date/Time Course Title Level 27 Nov 2018 (Tue) 9:30am-5:00pm 28 Nov 2018 (Wed) 9:30am-5:00pm

APPLICATION FORM FOR ASHK EXAMINATION (MAY 2019)

Date/Time Course Title Level 22 Jan 2019 (Tue) 9:30am-5:00pm 23 Jan 2019 (Wed) 9:30am-5:00pm. Life Insurance and Insurance Products Intermediate 6

Complying with the Personal Data (Privacy) Ordinance (Cap. 486) in the insurance industry

Licensing Information Booklet. April 2013

Managing Fraud Risks

Mike Hooton. Vikram Choudhry

Course Title Date & Time Speaker Enrolment Status Integrated Risk Management Approach (Advanced Level) 23 July 2018 (Mon) 9:30am 5pm

- Application Form (November 2017/18) -

WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?

Last update on 21 July 2017 This latest version (21 June 2017) replaces all the previous versions of this document.

Report Published under Section 48(2) of the Personal Data (Privacy) Ordinance (Cap. 486) Report Number: R

Reindustrialisation and Technology Training Programme (RTTP) Guidance Notes for Public Course Providers

GUIDELINES FOR THE CONTRACTING OUT OF RESEARCH ACTIVITIES

Regulatory Compliance

One Step Ahead. The Central Bank Publishes Enhanced Minimum Competency Code to Strengthen Consumer Protection.

Tax and Regulatory Conference 2017

OFFICIAL LANGUAGES ACT 2003

ASSOCIATION OF PERSONAL INJURY LAWYERS Standard of competence for Litigators

Privacy Policy. Munich Re Australia

Customer Privacy Notice Edition

2018/2019 RISK MANAGEMENT PROGRAMME

GOLDEN BEAR GOLF PASSPORT By Jack Nicklaus Academy of Golf APPLICATION FORM

POSITIVE SOLUTIONS FAIR PROCESSING NOTICE

Advanced Diploma in Specialist Taxation 2012

Date/Time Course Title Speaker Level. Property All Risk Insurance and Business Interruption. Business Interruption in Supply Chains

15 th Annual Superannuation Intensive

Trade Finance towards CDCS and CSDG PDU s Points, 6.5 Law Society CPD Points granted

AMIST Super. Privacy Policy

What types of personal information is collected and why? Our privacy commitment to you. Personal information. What is personal information?

Exemptions from CPD Requirements The following groups of FA Representatives will be exempted from the CPD requirements:

DATA PROTECTION POLICY. Little Baddow Parochial Church Council

Avoiding Trade Frauds in an Uncertain Economic Climate

Data Protection Privacy Notice for people not directly involved in the accident

SILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY

MANAGEMENT COMPANY OF OLYMPIC HOUSE LIMITED

Data Protection: Fair processing of student personal information Contents

Short Course on. Construction Law. with particular reference to the. JBCC 2000 Series of Contracts. in particular the application of

APPLICATION FOR ACCREDITATION OR RE-ACCREDITATION AS A MEDIATOR

CHAPTER 14A CHINA CONNECT SERVICE - SHANGHAI

Annual Report on the Privacy Act

Annex to II.6 MANDATORY PROVIDENT FUND SCHEMES ORDINANCE (CAP. 485) INTERNAL CONTROLS OF REGISTERED SCHEMES

In this regard, every appointed representatives of CMS licence holders and exempt FIs must:

Foreword 1 Personal information collection statement 2 Executive summary 4

ACCREDITATION CRITERIA FOR CORE FA CPD COURSES (ETHICS AND RULES & REGULATIONS) FOR APPOINTED REPRESENTATIVES OF FINANCIAL ADVISER

Business Operations MPF PRODUCTS. The DIS. Preparation and implementation. Design and development. Communication, publicity and education

INFORMATION NOTE FOR TRUSTEES ON THEIR SERVICE PROVIDERS & ADVISERS

Qualified Retirement Adviser (QRA) (2016 Winter Intake)

AML Certificates Handbook 2017

Privacy Policy. NESS Super is committed to respecting your right to privacy and protecting your personal information.

Digitalisation - is it time for the letter of credit to move forward?

Contracting Party The membership is a subscription between You and Us, this will be fulfilled by the National Farmers Union.

What is a Fair Processing Notice (FPN)? To ensure that we process your personal data fairly and lawfully we are required to inform you:

Fair Processing Notice

Annual Conference of The Hong Kong Confederation of Insurance Brokers 26 October Opening Address by Mr John Leung CEO of the Insurance Authority

THE NEW RULES FOR INTERNATIONAL DEMAND GUARANTEE PRACTICE: URDG 758

Proposal Form for Commercial Institutions. Gold Complete

Catastrophic Injury Accreditation. Initial application guidance notes

This seminar is to educate on the legal and practical know-how that will be necessary to your compliance with the PDPA.

COMPETENCY VALIDATION ASSESSMENT (CVA) This application form is only for the August 2018 intake and the exam will be on 25/26 August 2018.

International Professional Mediator Accreditation Assessment Notes to Applicants

IMPORTANT NOTICE PLEASE READ THE FOLLOWING ADVICE BEFORE COMPLETING THIS PROPOSAL FORM

Our privacy commitment to you. What types of personal information is collected and why? About us. Personal information. What is personal information?

Privacy Policy. Naval Group

Title: Anti-Bribery Policy

Strategic China Business Studies

Inspection Report. Personal Data System of An Estate Agency in Hong Kong

Form INT-2 MANDATORY PROVIDENT FUND SCHEMES AUTHORITY (MPFA) SI-Application (Individual)

Ark Syndicate Management Limited. Privacy and Transparency Notice. Version 1

ERGO Versicherung AG UK Branch Data Privacy Notice

Annual tax conference International Tax Cooperation - The Roadmap for Hong Kong

Privacy & Data Protection Procedure-Box Hill Institute Group

PRIVACY STATEMENT. There are terms in bold with specific meanings. Those meanings can be found in the attached Glossary.

ANTI-MONEY LAUNDERING POLICIES, CONTROLS AND PROCEDURES

GUIDANCE NOTE ON THE DATA PROTECTION ACT Information for clubs & county associations

Compliance A Guide for Qualified Persons

APIL SCOTLAND STANDARD OF COMPETENCE FOR LITIGATORS ASSESSOR S REPORT SHEET

Specified Procedures for Assurance Engagements at Smaller Authorities Version issued on: 17 January 2017

Amendments to the Main Board Rules. Chapter 1. Chapter 3

Supervision of the MPF Industry Professional

Report on the Securities and Futures Commission s 2014 annual review of the Exchange s performance in its regulation of listing matters

DENTISTS AND ORAL & MAXILLOFACIAL SURGEONS UK

Quotation/Inception. Renewal. Policy administration. Claims processing PRIVACY POLICY

Important notes for Exemption Track applicants:

The New EU General Data Protection Regulation (GDPR)

Guide to taking part in planning and listed building consent appeals proceeding by an inquiry - England

Julius Baer Trust Company (Channel Islands) Limited Lefebvre Court, Lefebvre Street, P.O. Box 87, St. Peter Port, Guernsey GY1 4BS, Channel Islands

Discussion Paper. Proposed Statutory Framework For Actuaries in Hong Kong

WHISTLE BLOWING POLICY AND PROCEDURE

Guidelines of ECF on RWM Grandfathering

G4 Responsible Gaming Code of Practice

2017/2018 RISK MANAGEMENT PROGRAMME

Guide to compliance with the Australian Privacy Principles. APP 1 Open and transparent management of personal information

Regulatory Guide for In-house Solicitors Employed in the Corporate and Public Sectors

FAQ. To Apply for Change of Chief Executive or Alternate Chief Executive Registration, and Cancellation of Such Registration

International Diploma Programmes Course Handbook

This document is a record of the information provided in the Annual Return 2017.

PROCESS FOR RESPONDING TO PREVENT / EXTREMISM Freedom of Information Act REQUESTS

Continuing Professional Development (CPD) Scheme

Shenzhen-Hong Kong Stock Connect Exchange Participant Information Package on Pre-launch System Readiness Test on 3 December 2016

Transcription:

Professional Workshops on Data Protection May and June 2018 Supporting Organisations: (in alphabetical order) Hong Kong Bar Association Hong Kong Institute of Certified Public Accountants

Professional Workshops on Data Protection In Hong Kong, individuals awareness and expectation of their rights in relation to personal data privacy have reached an unprecedented level after recent incidents of corporate malpractices in the use of personal data. Data protection has become a vital component to the success of business in building employee trust and enhancing corporate image. If your business involves the collection and use of personal data, it is important that your staff are fully up-to-date and compliant with the requirements under the Personal Data (Privacy) Ordinance ( the Ordinance ). The Office of the Privacy Commissioner for Personal Data ( PCPD ) has developed a series of professional workshops on data protection tailored to the needs of those dealing with personal data in different work contexts. Participants will work through guidance notes issued by the PCPD and practical scenarios with expert guidance from PCPD s experienced trainers or commissioned consultants. Upon completion of the workshop, participants will possess a solid knowledge of data protection law, as well as an understanding of the practical implications of the legal requirements under the Ordinance. Participants will be encouraged to discuss cases that they have dealt with and to share ideas and knowledge with other participants. Questions will be answered within a systematic framework enabling participants to apply the fundamental principles to a range of privacy issues. Key features - Conducted experienced staff from the PCPD - Fully up-to-date and comprehensive course materials - Sharing ideas with others - Interaction with the trainer and other participants - Case study based on real cases - PCPD s updated guidance notes - Certificate of participation awarded at each course - Plenty of opportunities for questions - Bring your queries to the workshop Who should attend Data Protection Officers, Human Resource Managers, Administration Managers, Compliance Officers, Data Security Personnel, Company Secretaries, Marketing Personnel, Solicitors (in-house or private practice), Insurers, IT Managers, Policy Advisers 1

Course contents - Definitions and interpretation of the legal terminology in the Ordinance - Analysis of each data protection principle with relevant real-life scenarios - PCPD complaint handling process - Codes of Practice and Guidelines - Updated guidance notes from the PCPD - Lessons learnt from real cases - Recommended good practices Methodology - Lecture - Case study - Discussion - Question and answer Courses available - Data Protection in Human Resource Management - Data Protection and Data Access Request - Practical Workshop on Data Protection Law - Data Protection in Banking/Financial Services - Data Protection in Insurance - Data Protection in Direct Marketing Activities - Privacy Management Programme - Recent Court and Administrative Appeals Board Decisions In-depth workshops The Workshops are open to people wishing to deepen their knowledge of data protection. To acquire basic knowledge of the Personal Data (Privacy) Ordinance, you may:- i) Enrol in the Introduction to the Personal Data (Privacy) Ordinance Seminar (www.pcpd.org.hk/english/education_training/individuals/public_seminars/public _seminar.html). ii) Download the powerpoint of "Introduction to the Personal Data (Privacy) Ordinance 2

Enrolment 1. Please refer to the timetable on www.pcpd.org.hk/english/education_training/organisations/workshops/workshop.html to check whether the preferred class is still available. 2. Enrol online before the closing date. 3. Receive notification from us by email in a week after the closing date. Please DO NOT send cheque payment until you are notified of the enrolment status. 4. Send a crossed cheque (with your full name at the back) payable to Privacy Commissioner For Personal Data together with the original enrolment form by post to Manager (Communications and Education), Office of the Privacy Commissioner for Personal Data, 12/F, Sunlight Tower, 248 Queen s Road East, Wanchai, Hong Kong. 5. The PCPD will send you a confirmation email upon receipt of the full payment. 6. Enquiry: Please e-mail to training@pcpd.org.hk. Adverse Weather Arrangement If Typhoon Signal No. 8 or above/black Rainstorm Warning is hoisted after (or is announced to be held at/after) the following time, workshop will be cancelled. Signal is hoisted after or is announced to be Workshops suspended held at/after*: 7:00 am Morning session 11:00 am Afternoon session Participants will be given a refund if the workshop is cancelled. * Even if Typhoon Signal No. 8 or above/black Rainstorm Warning Signal has been cancelled before the workshop commencement time. 3

Timetable of Professional Workshops on Data Protection (May and June 2018) Venue: Preston Room 408-9, Fortress Tower, 250 King s Road, North Point, Hong Kong (Next to the Fortress Hill MTR Station) Date Time Course Code Course May 2018 (Closing date for enrolment: 4 May 2018) 18 May 2:15-5:15 24 May 2:15-5:15 28 May 2:15-5:15 29 May 2:15-5:15 DAR-62 DM-82 BF-83 LAW-12 Data Protection and Data Access Request Data Protection in Direct Marketing Activities Data Protection in Banking/Financial Services Practical Workshop on Data Protection Law June 2018 (Closing date for enrolment: 23 May 2018) 6 Jun 2:15-5:15 12 Jun 2:15-5:15 20 Jun 2:15-4:15 25 Jun 2:15-5:15 28 Jun 2:15-5:15 HR-58 Data Protection in Human Resource Management INS-43 Data Protection in Insurance PMP-09 Privacy Management Programme DEC-03 BF-84 Recent Court and Administrative Appeals Board Decisions Data Protection in Banking/Financial Services Course Fee* $750/ $600* $750/ $600* $750/ $600* $950/ $760* $750/ $600* $750/ $600* $750/ $600* $950/ $760* $750/ $600* Medium of Instruction CPD Accreditation # Law Soc IA EAA HKICS Cantonese + Cantonese + Cantonese + English + ^ ^ Cantonese + ^ Cantonese + Cantonese + Cantonese + ^ English + ^ * Applicable to members of PCPD's Data Protection Officers' Club ("DPOC") and the supporting organisations only. # CPD hours/points are accredited by:- Insurance Authority - Insurance Intermediaries Quality Assurance Scheme (IA); Estate Agents Authority (EAA); and Hong Kong Institute of Chartered Secretaries (HKICS). The number of CPD hours/points obtained is determined by the number of hours of the respective course listed above. + Accreditation of the Law Society of Hong Kong (LawSoc) is being sought. ^ 3 ECPD hours are accredited by the HKICS. End time of all accredited courses will be extended 10 minutes to make up for the break. All course materials are in English. Please contact the Communications and Education Division at 3423 6621 or training@pcpd.org.hk if you wish to attend the training conducted in English. 4

Data Protection in Human Resource Management This workshop is designed for human resource practitioners learning how to meet the requirements under the Personal Data (Privacy) Ordinance ( the Ordinance ) in handling large amount of employees personal data in the different phases of employment process. Human resource practitioners handle a large amount of employee data in the course of their work. The collection, use and retention of employee data carry significant legal responsibilities and risks. It is therefore a great challenge for human resource practitioners to meet the requirements under the Ordinance and the Code of Practice on Human Resource Management. Participants will learn the good practices in handling personal data in each phase of the employment process. Who should attend: Human Resource Officers, Data Protection Officers, Compliance Officers, Solicitors, Administration Managers, Recruitment Agents - What are the general requirements for the collection and retention of personal data, and ensuring their accuracy and security in each phase of the employment process - What are the requirements of the Code of Practice on Human Resource Management - Collection of personal data in recruitment process e.g. medical data, reference data - What is Blind Recruitment Advertisement - What are the restrictions on keeping personal data, setting appropriate periods of time for keeping information - What are the legal requirements in transferring personal data to third parties - Collection of biometrics data - How to handle a Data Access Request by job applicants or employees - What are the requirements for engaging in employee monitoring activities 5

Data Protection and Data Access Request This workshop provides practical guidance on issues relating to compliance with a Data Access Request ( DAR ) raised by customers or employees. There are stringent requirements for compliance with a DAR under the Personal Data (Privacy) Ordinance. Dealing properly and effectively with a DAR is a challenge for many organisations. This workshop will examine in details those requirements and offer guidance on the handling of a DAR. Participants may already be dealing with DARs and want to review their handling or may never have dealt with DARs and want to develop processes. They will learn how to deal with DAR and avoid pitfalls. There will also be plenty of opportunity for questions during the workshop. Who should attend: Solicitors, Data Protection Officers, Administration Managers, Human Resource Officers, Customer Services Personnel - What is a DAR - What is subject to access under a DAR - Who may make a DAR - How to make a DAR - What should a data user do in order to comply with a DAR - Charges for a DAR - Grounds for refusing to comply with a DAR - Steps to take in refusing to comply with a DAR - Protection for third party data when complying with a DAR - Consequences of breach of the DAR provisions 6

Practical Workshop on Data Protection Law This workshop is aimed at anyone who wishes to acquire a solid grounding in the application and interpretation of the provisions of the Personal Data (Privacy) Ordinance ( the Ordinance ). With the increase in public awareness on personal data protection, it becomes an important aspect for organisations to gain customers trust and confidence. This workshop (to be conducted by experienced lawyers from the Office of the Privacy Commissioner for Personal Data) is for people who are charged with the responsibility in advising on compliance with the Ordinance to acquire solid knowledge through interactive participation. Who should attend: Solicitors, Barristers, In-house Legal Counsels, Data Protection Officers, Compliance Officers - Examining the application of the six data protection principles with special highlights on recent administrative appeals board and court cases - Problems frequently encountered by organisations dealing with personal data, including:- o What are the points to consider when drafting a personal information collection statement? o How to respond to requests by law enforcement agencies for disclosure of employees or customers personal data? o What are the key aspects to be included in a privacy policy statement? o What are the special requirements in complying with or refusing to comply with a data access/correction request? o How to comply with the direct marketing requirements in a joint marketing campaign? o What are the steps to take when outsourcing the processing of personal data to agents located in or outside Hong Kong? - Consequences of breach of the Ordinance and liabilities of key officers - Case studies and discussion 7

Data Protection in Banking/Financial Services This workshop examines the personal data privacy issues facing banking and financial personnel in their daily operation and provides practical steps that can be taken to deal with the issues effectively. Banking and financial personnel face a lot of data protection challenges in a complex business world where the business can be cross-jurisdictional or multi-functional. This workshop will examine the requirements under the Personal Data (Privacy) Ordinance in different aspects of the banking and financial services and the practical ways to deal with them effectively. Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Solicitors, Advisers and other personnel undertaking work relating to the banking/financial industry. - An overview of the relevant requirements under the Ordinance - Liabilities of banks for acts of staff, agents and contractors - Useful pointers on Personal Information Collection Statement - Collection of identification document number from non-account holder - Accuracy of customer s contact information - Retention and erasure of customers personal data - Outsourcing the processing of personal data - Transfer of personal data outside Hong Kong - Handling of customers personal data in debt collection - Protection of customers personal data collected during off-site marketing campaign - Handling of data access request from customers - Make privacy policies and practices generally available 8

Data Protection in Insurance This Workshop is designed for insurance practitioners who wish to acquire the knowledge to protect customers personal data in providing insurance services to the public. The course will highlight the key features of Guidance on the Proper Handling of Customers Personal Data for the Insurance Industry and privacy issues specific to insurance institutions and insurance practitioners. Insurance practitioners handle a large amount of customers personal data in their daily work e.g. name, telephone number, address, identity card number, health record, information contained in insurance application forms and insurance policy etc. It is essential that they understand and comply with the requirements under the Personal Data (Privacy) Ordinance ( the Ordinance ) which apply to them in their capacities as the data users in the handling of personal data. This workshop examines core concepts of practical data protection compliance illustrated by specific scenarios to highlight potential problems and their resolution. Participants will also engage in discussion of real cases relating to the handling of personal data in different aspects of insurance work. Who should attend: Insurance Practitioners, Data Protection Officers, Compliance Officers, Solicitors, Advisers and other personnel undertaking work relating to the Insurance Industry - An overview of the data protection provisions - Liabilities of insurance companies and insurance practitioners - Useful pointers on Personal Information Collection Statement - Collection of customers medical data - Collection of Hong Kong identity card number and copy - Engagement of private investigators in insurance claims - Retention of customers personal data - Use of customers data for internal training - Security of customers personal data handled by staff and agents - Handling of data access requests from customers 9

Data Protection in Direct Marketing Activities This workshop focuses on the collection and use of personal data for direct marketing purposes. You will learn how to comply with the requirements under the Personal Data (Privacy) Ordinance ( the Ordinance ) and put this into context with your responsibilities in the company. Direct marketing is widely adopted by different types of organisations in promoting their products and services. In Hong Kong, the use of personal data in direct marketing activities is governed by the Ordinance. Since the new direct marketing regime took effect from 1 April 2013, some companies were convicted for failing to comply with the requirements which present risks to a company s value and consumer trust. This workshop provides a practical approach to the compliance of the requirements under the Ordinance in direct marketing activities and provides hands-on solutions to problems that marketers face in devising direct marketing activities. Conviction cases will also be shared with the participants. Who should attend: Data Protection Officers, Compliance Officers, Company Secretaries, Administration Managers, IT Managers, Solicitors (in house or private practice), Database Managers, Marketing professionals - What is Direct Marketing under the Ordinance - understanding the Guidance on the Collection and Use of Personal Data in Direct Marketing - Collection of personal data from different sources for direct marketing purpose - Legal requirements for using personal data in marketing activities - What is prescribed consent in using customers personal data for direct marketing purpose - How to handle an "Opt-Out Request" - How to maintain the opt-out list - Legal requirements for carrying out direct marketing activities with a partner company - Sharing of conviction cases 10

Privacy Management Programme Privacy and data protection cannot be managed effectively if they are merely treated as a legal compliance issue. Instead, organisational data users should embrace personal data privacy protection as part of their corporate governance responsibilities and apply them as a business imperative throughout the organisation. To this end, the formulation and maintenance of a comprehensive Privacy Management Programme (PMP) is of paramount importance. This course will highlight the key features of Privacy Management Programme A Best Practice Guide. Participants will be able to understand the baseline fundamentals and components of a PMP and how to maintain and improve it on an ongoing basis. Who should attend: Data protection officers, compliance professionals, company secretaries, solicitors, executives from business and public sectors, and those who are interested in keeping abreast of the data protection trend and best practices. - What is PMP - Baseline Fundamentals of a PMP - Ongoing Assessment and Revision - How to develop your own PMP 11

Recent Court and Administrative Appeals Board Decisions This workshop focuses on specific topics in data privacy law raised in recent decisions of the Hong Kong Court and Administrative Appeals Board (the Board ), and aims at providing in-depth discussion and updated knowledge to legal practitioners and compliance officers on the interpretation of commonly used provisions of the Personal Data (Privacy) Ordinance ( the Ordinance ). This intermediate level course is for participants who would like to gain more insights on the legal arguments of court decisions and the Board cases. The Board is the statutory body that hears and determines appeals against the decisions of the Privacy Commissioner for Personal Data ( the Commissioner ) by a complainant or the relevant data user complained of. The High Court of Hong Kong deals with magistracy appeals against criminal offences committed under the Ordinance. This workshop (to be conducted by experienced lawyers from the office of the Commissioner) will examine some recent decisions which serve as legal authorities and practical examples in solving problems frequently encountered in compliance work. Who should attend: Solicitors, Barristers, In-house Lawyers, Data Protection Officers, Compliance Officers, Company Secretaries and Administration Managers. A thorough discussion of the following decisions made by the High Court of Hong Kong and the Board:- HKSAR v Hong Kong Broadband Network Limited (HCMA 624/2015) Does offering a new service contract to its existing customer at a concessionary rate by a telecommunications company amount to direct marketing under the Ordinance? Do direct marketing offences require proof of mens rea? What are the defences available to a data user? HKSAR v Leung Chun-kit Brandon (HCMA 49/2016) Do a person s Christian name and mobile phone number together constitute his personal data? Is it a breach of section 35J of the Ordinance if a person passes his friend s contact particulars to an insurance agent for direct marketing purpose without the friend s consent? Would it make a difference if the insurance agent ultimately has not so used the data for direct marketing? 12

AAB 17/2015 and AAB 18/2016 Will an organisation be liable for the disclosure of personal data by its director? Under what circumstances will the director be regarded as exceeding the realm of his authority? Does the exemption under section 58(2) apply to the situation where a party seeks to defend an allegation of unlawful or seriously improper conduct? AAB 42/2016 How to determine whether a fee imposed for compliance with a data access request is excessive? What are the costs directly related to and necessary for complying with a data access request? Is a doctor s cost of reviewing the medical records before releasing to the requestor chargeable? AAB 40/2016 How should a bank fulfill its obligations under Data Protection Principle 1(3) to notify its customers of its personal data collection purpose of detecting or combating financial crimes AND to avoid alerting the customers who may then take pre-emptive and counter measures? Would it suffice for a bank to request updated personal data from its customers by simply informing them of the purpose of such use in general terms? 13

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback