Privacy and Data Protection
Hong Kong
Core Obligations
Objectives, Definitions and Governing Principles
Data Protection Principles
Access to Personal Data
Correction of Personal Data
General Maintenance
Codes of Practice
Qualifying Criterion for Matching Procedures and Transfer of Personal Data
Provision of Personal Data in Direct Marketing
Grievances Protocol
Offences and Penalties
Interpretation of Prescribed Public Officer
Governing Rules covering PDPO
Interpretation of Prescribed Public Officer and Ex Officio Member
Performance of the Administrative Appeals Board
Who can perform a Transfer of Record
General Matters
General Secrecy
Provision of Prescribed Information on Demand
Inspection of Company’s Records
Parameters that cover PDPO
Code of Confidentiality and Protection of Council
Permitted Disclosure of Information by Authority
Delegation of Powers of the Ombudsman
Legal Landscape
The District Court Ordinance Chapter 336
The Personal Data (Privacy) Ordinance Chapter 486
The Insurance Ordinance Chapter 41
The Communications Authority Ordinance Chapter 616
The Securities and Futures Ordinance Chapter 571
The Construction Industry Council Ordinance Chapter 587
The Companies Ordinance Chapter 622
The Electronic Health Record Sharing System Ordinance Chapter 625
The Independent Police Complaints Council Ordinance Chapter 604
and 9 other compliance sources
Regulators
Cap.397 Ombudsman Ordinance
Publications_2nd Edition Data Protection Principles
Cap.136 Mental Health Ordinance
Cap.221 Criminal Procedure Ordinance
Compliance with Data Access and Correction Requests
Data Access Request Form (Form OPS003)
PCPD Compliance Guide for Data Users
PCPD Codes of Practice/ Guidelines - Index
PCPD Code of Practice on the Identity Card Number and other Personal Identifiers – Compliance Guide for Data Users
PCPD Code of Practice on the Identity Card Number and Other Personal Identifiers (Revised April 2016)
Cap.177 Registration of Persons Ordinance
Cap.115 Immigration Ordinance
Hong Kong Monetary Authority - Money Laundering Guidelines
PCPD Compliance Guide for Employers and Human Resource Management Practitioners
PCPD Code of Practice on Human Resource Management (Revised April 2016)
PCPD Code of Practice on Consumer Credit Data (Revised Jan 2013)
PCPD – Understanding the Code of Practice on Consumer Credit Data – Frequently Asked Questions on the Sharing of Mortgage Data for Credit Assessment Purpose
Cap.155 Banking Ordinance
PCPD Monitoring and Personal Data Privacy at Work: Points to Note for Employers of Domestic Helpers
PCPD Privacy Guidelines: Monitoring and Personal Data Privacy at Work (Revised in April 2016)
PCPD Resources Centre Information Leaflet - What is a Matching Procedure?
PCPD – Common Questions on Matching Procedure
PCPD – Past Seminars on Direct Marketing
PCPD Guidance Note – Guidance on the Collection and Use of Personal Data in Direct Marketing
PCPD – Exercising Your Right of Consent to and Opt-out from Direct Marketing Activities under the PDPO
PDPO – Complaint Handling Flowchart
Cap. 589 Interception of Communications and Surveillance Ordinance
Cap. 561 Human Reproductive Technology Ordinance
Cap. 227 Magistrates Ordinance
The Department of Justice – Legal System in Hong Kong
Mission, values and roles of the Financial Reporting Council
PCPD on Data Privacy Law – The Personal Data (Privacy) Ordinance
Criminal offences and respective penalties under the PDPO
Legal Expert
DOMINIC WAI
Partner | ONC Lawyers
PRACTICE AREAS: Litigation & Dispute Resolution, Regulatory, Compliance & Internal Investigations, Criminal Litigation, Trade & Customs Litigation, Shareholders’ Dispute and Insolvency matters, Domestic and International Arbitration, Cybersecurity & Privacy Law matters
Before joining the legal profession, DOMINIC worked in the banking sector as well as in the Independent Commission Against Corruption (ICAC).
Dominic’s practice focuses on advising clients on matters relating to anti-corruption, white collar crime, law enforcement, regulatory and compliance matters in Hong Kong, including advice on anti-money laundering. He also handles cases involving corporate litigation, shareholders’ disputes and insolvency matters, defamation cases, domestic and international arbitration cases, cybersecurity, data security and privacy law issues, competition law matters, e-Discovery and forensic investigation issues as well as property litigation. His expertise includes:
- Advised Hong Kong listed, US multinational companies and money service operators (MSO) on anti-money laundering matters and practices.
- Advised major international companies and Hong Kong listed companies on anti-corruption, bribery and other white-collar crime issues.
- Advised and assisted clients on urgent asset freezing injunctions and liaising with law enforcement agencies concerning fraudulent fund transfers due to business email scams and hacked email systems.
- Advised the joint and several liquidators of a liquidation matter for over 10 years with considerable recovery for the creditors over the years.
- Advised a major broadcasting company on defamation issues, judicial review applications, investigation by regulators and shareholders’ dispute issues.
Dominic is currently a board member of a charity that provides a home service for sick children and their families. He supports and actively participates in the activities of the charity.
Australia
Core Obligations
Privacy & Data Protection Overview
Applicability of Data Privacy Laws
Organisational Governance
Consumer Data Rights
Openness and Transparency
Collecting Personal and Sensitive Information
Anonymity and Pseudonymity
Using and Disclosing Personal Information and Identifiers
Cross-border Transfers of Personal Information
Ensuring the Quality of Personal Information
Ensuring the Security of Personal Information
Enabling Access and Correction of Personal Data
Managing Complaints and Investigations
Confidentiality
Surveillance
Health Information and the My Health Record System
Workplace Privacy
Complying with the Payment Card Industry Data Security Standard
Legal Landscape
Archives Act 1983 (Cth)
Crimes Act 1914 (Cth)
Criminal Code Act 1995 (Cth)
Do Not Call Register Act 2006 (Cth)
Freedom of Information Act 1982 (Cth)
Privacy Act 1988 (Cth)
Privacy Regulation 2013 (Cth)
Privacy (Tax File Number) Rule 2015 (Cth)
Spam Act 2003 (Cth)
Surveillance Devices Act 2004 (Cth)
Taxation Administration Act 1953 (Cth)
Telecommunications Act 1997 (Cth)
includes over 110 compliance sources
Regulators
State Records Office of Western Australia (WA, Australia)
Information Commissioner's Office (United Kingdom)
Payment Card Industry Security Standards Council (International)
NSW State Archives (NSW, Australia)
ACT Territory Records Office (ACT, Australia)
State Records of South Australia (SA, Australia)
Queensland Public Records Review Committee (QLD, Australia)
Attorney General's Department (Australia)
Australian Communications and Media Authority (Australia)
Australian Competition and Consumer Commission (Australia)
Australian Taxation Office (Australia)
Department of Home Affairs (Australia)
Department of Communications and the Arts (Australia)
The Treasury (Australia)
Office of the Australian Information Commissioner (Australia)
Public Record Office Victoria (VIC, Australia)
and 50 other regulators
Legal Expert
DUDLEY KNELLER
Partner | Gadens
DUDLEY is a highly experienced lawyer with international and domestic experience advising on commercial, regulatory and technology matters with specialisations in financial technology, cyber risk, privacy and strategic sourcing and supply projects. Dudley has over 20 years’ experience practising across Australia, Europe and the UK, and has worked on projects based in a range of countries, including the Philippines, India and across South America.
Dudley publishes and presents extensively. He has been nominated and selected as a ‘Best Lawyer’ in Australia in the area of Information Technology Law since 2020 and has been listed as a Recommended Technology, Media and Telecommunications Lawyer in Victoria in Doyle’s Guide every year from 2015 to 2020.
Japan
Core Obligations
Overview
Related Laws
Personal Information Utilisation Restriction, Acquisition, Control
A Third-Party Provision
Anonymously Processed Information
Guidelines for each field
Specific Personal Information
Legal Landscape
Act on the Protection of Personal Information
Act on the Use of Numbers to Identify a Specific Individual In Administrative Procedures
Cabinet Order to Enforce the Act on the Protection of Personal Information Act
General Rules Guidelines for the Act on the Protection of Personal Information
and 25 other compliance sources
Regulators
Personal Information Protection Commission
Financial Services Agency
Ministry of Economy, Trade and Industry
and 4 other regulators
Legal Expert
SHOHEI SUZUKI
Senior Associate | TMI Associates
PRACTICE AREAS: IT and Communications Matters, M&A, Alliances, Corporate Finance, Corporate Governance
SHOHEI is a Senior Associate at TMI Associates, one of the largest law firms in Japan. He has extensive experience in helping clients comply with privacy and data protection requirements. In particular, he has continuously advised numerous domestic and international advertising technology companies and advertisers with regard to their usage of consumers’ personal information as well as with contract negotiations. He also has substantial expertise in M&A transactions targeting companies utilizing consumers’ personal data.
Shohei has previously served as a legal counsel for a company operating one of the largest web portals and advertising networks in Japan. Due to this background, he is qualified to advise his clients based on not only his legal knowledge but also on his deep understanding of the mechanisms of online advertising. Shohei has substantial experience helping companies to comply with international privacy laws, such as the GDPR, the California Consumer Privacy Act and China’s Cybersecurity Law, which enables him to effectively approach legal issues arising out of the uniqueness of each country’s privacy law.
Shohei received his Bachelor’s degree in law at Waseda University, his Juris Doctor’s degree in law at Chuo University Law School and his Master’s Degree at the University of Texas School of Law. He is licensed to practice law in both Japan and California state and has also been certified as a Certified Information Privacy Professional (United States) by the IAPP.
New Zealand
Core Obligations
New Zealand Privacy Overview
Collecting Personal Information
Using and Disclosing Personal Information and Identifiers
Ensuring the Security of Personal Information
Enabling Access and Correction of Personal Data
Workplace Privacy
Applicability of Privacy Laws
Cross-border Transfers of Information
Organisational Governance and Privacy Program
Managing Complaints and Investigations
Information Matching Programs
Ensuring the Accuracy of Personal Information
Protecting Confidential Information from Disclosure
Investigations and Enforcement
Legal Landscape
Privacy Act 1993 (NZ)
Official Information Act 1982 (NZ)
Contract and Commercial Law Act 2017 (NZ)
Crimes Act 1961 (NZ)
Criminal Procedure Act 2011 (NZ)
Criminal Records (Clean Slate) Act 2004 (NZ)
Data Protection Act 1998 (UK)
Harassment Act 1997 (NZ)
Protected Disclosures Act 2000 (NZ)
Unsolicited Electronic Messages Act 2007 (NZ)
and 20 other compliance sources
Regulators
Office of the Privacy Commissioner
Office of the Ombudsman
Human Rights Commission
and 6 other regulators
Legal Expert
TANIA GOATLEY
Partner | Bell Gully
PRACTICE AREAS: Media, Consumer law, Intellectual property, Litigation and dispute resolution, Privacy and data protection, Information, communications and technology, Food, Beverage and Hospitality, Cybersecurity, Anti-Bribery and Corruption
TANIA advises on all aspects of advertising promotions, including impacts of the Gambling Act, Fair Trading Act and Privacy Act. She is also experienced in advising on food and wine labelling issues, involving advice on the Food Standards Australia New Zealand (FSANZ) Code, the Food Act, the Wine Act and related regulations and industry codes.
She has a strong media law background, advising on defamation claims, appearing in Court on name suppression issues, and providing media law training to journalists. She advises on all aspects of intellectual property law, including copyright, passing off and trade mark infringement disputes and litigation.
In addition to her particular areas of expertise, Tania provides general advice on commercial and contractual disputes and litigation with successful outcomes for her clients.
Tania is recommended for intellectual property by The Legal 500 Asia Pacific 2020, which notes her specialties as media, advertising, privacy law and IP matters. Tania is also recommended as a recognised practitioner by Chambers Asia Pacific 2020 for Technology, Media and Telecoms.
Singapore
Core Obligations
Overview and application of the data privacy
Compliance, policies and practices
Collection, use and disclosure of personal data
Purpose of data collection
Access and correction of personal data
Care of personal data
Enforcement and penalties
Do not call registry
Legal Landscape
Personal Data Protection Act 2012
Computer Misuse Act
Cyber Security Act 2018
Official Secrets Act
The Electronics Transactions Act
and 51 other compliance sources
Regulators
Personal Data Protection Commission
Intellectual Property Office of Singapore
Cyber Security Agency
Legal Expert
THOMAS CHOO
Partner | Clyde & Co
PRACTICE AREAS: Commercial, Corporate, Education, Employment, Pensions & Immigration, Insurance & Reinsurance
Described in The Legal 500 Asia Pacific as "extremely prompt and responsive", commanding "astounding legal knowledge" and being "genuinely interested in developing long term relationships with clients", Thomas is a corporate transactional, private equity and employment lawyer focusing on domestic and cross-border acquisitions and divestitures, corporate and asset finance and employment. As part of his practice, he also leads both the Employment in Singapore and the Corporate Secretarial practices in Singapore and Hong Kong.
United Kingdom
Core Obligations
Overview
Applicability of Data Protection Law
Organisational Governance
Lawfulness, Fairness and Transparency
Purpose Limitation
Data Minimisation
Accuracy of Personal Data
Storage Limitation
Integrity and Confidentiality
Enabling Individuals' Rights
Managing Complaints and Investigations
Cross-border Transfers of Personal Information
Confidentiality
Surveillance
Workplace Privacy
Complying with the Payment Card Industry Data Security Standard
Legal Landscape
Data Protection Act 2018
Regulation (EU) 2016/679 (General Data Protection Regulation)
Freedom of Information Act 2000
and 57 other compliance sources
Regulators
Office of the UK Information Commissioner
The Information Commissioner's Office - Scotland
Information Commissioner’s Office - Wales
The Information Commissioner’s Office - Northern Ireland
Legal Expert
MATTHEW PRYKE
Commercial Technology Partner | Hamlins
PRACTICE AREAS: Data Protection, Privacy, Cyber Security
MATTHEW has extensive experience advising businesses on the full ambit of data protection, privacy and cyber security matters. He works closely with companies advising them on the best practical and legal measures to mitigate and manage security breaches and ensure compliance with the EU General Data Protection Regulation. He advises CEOs and senior management on how to create the best legal, technological and security governance strategies for the business. Matthew has worked as a CEO and understands the commercial and budgetary pressures businesses face when implementing strategic projects.
“Matthew Pryke is both smart and focused with an ability to find solutions that add value”
- Legal500
CHRISTOPHER HUTCHINGS
Defamation and Privacy Partner | Hamlins
PRACTICE AREAS: Reputation Management
CHRISTOPHER is an industry leading expert in the field of reputation management and has helped businesses resolve problems that threaten the reputation of the business or the privacy and integrity of those behind it. He has considerable experience in handling unprecedented crisis situations and is used to working to pressurised timescales.
“Christopher is incredibly good. He is very well organised and gets things done.”
- Legal500
ARVINDER SAMBEI
Barrister
PRACTICE AREAS: Anti-Corruption, AML/Financial Regulatory, Public International Law, International/Transactional Criminal Law
ARVINDER SAMBEI is a practising barrister of over 30 years’ experience and one of the directors of London-based Amicus Legal Consultants.
She has previously held the posts of Head of Criminal Law at the Commonwealth Secretariat, Legal Adviser to the Permanent Joint Headquarters (PJHQ) at the UK’s Ministry of Defence and Principal/Senior Crown Prosecutor (Crown Prosecution Service of England & Wales). As a prosecutor, she had conduct of many of the UK’s high profile extradition, counter-terrorism, transnational and war crimes cases. In addition, her responsibilities included liaison with other jurisdictions on treaty negotiations, extradition and mutual legal assistance requests.
As the Head of the Criminal Law Section at the Commonwealth Secretariat, she was responsible for ensuring design and delivery of programmes of assistance and training for member states to enhance criminal law systems.
Arvinder acts as an expert for many international and regional organisations (including Council of Europe, EU, IMF, and UN agencies) on anti-corruption & governance, AML/CFT, sanctions, international co-operation, asset recovery, economic crimes, corporate criminal liability, maritime crime and security, human rights and public international law. She has also been engaged in treaty and legislative drafting, state and project evaluation, and capacity building/technical assistance programmes.
She is a published author of legal texts (with Oxford University Press and others), an experienced trainer and has written articles, practitioner manuals and technical papers published by, inter alia, the Council of Europe, Commonwealth Secretariat, OECD, OSCE and UNODC on her areas of expertise.
United States
Core Obligations
Overview
Applicability of Data Privacy Laws
Organisational Governance
Collecting Personal and Sensitive Information
Using and Disclosing Personal Information
Ensuring the Security of Personal Information
Enabling Access to and Correction of Personal Data
Workplace Privacy
Managing Complaints and Investigations
Protecting Confidential Information from Disclosure
Legal Landscape
Gramm Leach Bliley Act (15 USC 6801 - 6827)
Title X of Dodd-Frank Wall Street Reform and Consumer Protection Act (12 USC 5491 - 5603)
Fair Credit Reporting Act - Credit Reporting Agencies (15 USC 1681 et seq)
Family Educational Rights and Privacy Act (20 USC 1232g)
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Public Law 104-191
and 329 other compliance sources
Regulators
Board of Governors of the Federal Reserve System
Federal Trade Commission
Securities and Exchange Commission
Attorney General (Federal)
and 122 other regulators
Legal Expert
ELIZABETH HINSON
Partner | Morris, Manning & Martin
PRACTICE AREAS: Corporate, Cybersecurity & Privacy, Internet of Things (IoT) Technology
ELIZABETH K. “Bess” HINSON makes planning for privacy and cybersecurity risks her top priority. As Chair of the Cybersecurity & Privacy Practice, her primary areas of concentration include cyber and data risk management and governance, breach preparedness and response, crisis management, and global data privacy compliance. Bess represents clients at all stages of incident response from investigation, notification, remediation, managing privacy class action risks, and defense of litigation and regulatory inquiry. She regularly counsels clients on cross-border data flows and navigating conflicts between foreign privacy laws and U.S. compliance obligations. She oversees and coordinates EU General Data Protection Regulation (GDPR) compliance assessment and implementation programs for clients. She has experience in privacy matters, including information governance and data management, online advertising, internal compliance policies, and consumer policies, including website and mobile application policies, vendor management, blockchain, and advising on privacy and security-related compliance strategies and programs.
Contact Us
E-mail: marketing.hk@lexisnexis.com
Telephone number: +852 2179 7888