ENFORCEMENT OF PDPO Flashcards
What is the role of the Office of the Privacy Commissioner for Personal Data (PCPD)?
The PCPD enforces and oversees compliance with the PDPO - including conducting investigations - providing guidance - and raising public awareness.
What are the key roles of the PCPD?
Investigation - guidance - and public education.
What types of rules does the Privacy Commissioner issue?
Codes of Practice and Administrative Instructions.
What was the outcome of the Octopus Rewards Ltd. case?
Octopus Rewards Ltd. was required to cease unauthorized data transfer and improve data protection measures.
The Octopus Rewards case was a breach of which data protection principles under the PDPO?
Data collection and data use.
What is the role of the Personal Data (Privacy) Advisory Committee?
Advises the Privacy Commissioner on policy development and public consultation.
How must organizations manage consent and opt-out mechanisms?
Consent mechanisms must be clear - accessible - and easy to use. Fresh consent is needed for new purposes - and accurate records of consents and withdrawals must be kept.
What is an enforcement notice?
An enforcement notice is issued by the Privacy Commissioner to a data user who has contravened the PDPO - requiring rectification and preventive measures.
What does the PCPD do in terms of policy development and implementation?
Issues new guidelines - provides training - and proposes law reforms to enhance data protection.
What is the Third-Party Benefit Exception?
A proposal to review and possibly amend the law to regulate data sharing for third-party benefits more strictly.
What are recent trends in commissioner expectations?
Emphasis on proactive data protection measures - higher levels of transparency - and accountability of senior management.
What are the consequences of breaching an enforcement notice in HK?
Fine of HK$50 -000 on first conviction and HK$100 -000 on subsequent conviction and imprisonment for two years.
What are the penalties for direct marketing contraventions in HK?
If the data user provided data for gain: fine of up to HK$1 million and imprisonment for up to five years. If otherwise than for gain: fine of up to HK$500 -000 and imprisonment for up to three years. If it fails to stop using data for direct marketing: punishable for a fine of up to HK$500 -000 and imprisonment for up to three years.
What can a HK complainant appeal to AAB?
A complainant may appeal to the Administrative Appeals Board (AAB) against a decision of the Privacy Commissioner not to issue an enforcement notice following an investigation into a complaint.
What are the two HK consultative advisory committees?
Personal Data (Privacy) Advisory Committee and the Standing Committee on Technological Developments.