Privacy Management Programme Manual for NGOs

Does your organization employ staff, or work with volunteers or clients? Do you ever collect personal information, such as names, addresses, or phone numbers? Do you know how to safeguard personal data and how to handle a data breach?

A concise, transparent, and easily accessible Privacy Policy not only gives peace of mind to the people you work with and serve, it is also a key step toward compliance under Hong Kong’s complex Personal Data (Privacy) Ordinance. The current version was updated on 29 April 2022.

Prepared in partnership with Morgan, Lewis & Bockius in Hong Kong, this Privacy Management Programme Manual (“Manual”) is specifically written with small Hong Kong NGOs in mind. It takes the guesswork out of the rollout process, with clearly-written templates that allow you to easily adjust the contents to your NGO’s circumstances, with specific guidance for both smaller and larger organizations.

Part of PILnet’s larger effort to help Hong Kong NGOs build a robust infrastructure, the Manual follows our Data Privacy and Cybersecurity resources introduced in late 2020.


Download Privacy Management Programme Manual

Download Annex A - Sample of a Personal Information Collection Statement

Download Annex B - Data Access and Correction Policy

Download Annex C- Data Access Request Form

Download Annex D- Personal Data Correction Request Form

Download Annex E- Complaints and Enquiries Handling Policy

Download Annex F- Sample of Personal Data Inventory

Download Annex G- Sample of Risk Assessment Questionnaire

Download Annex H- Sample of Privacy Impact Assessment Questionnaire

Download Annex I- Data Breach Information Sheet

Download Annex J- Data Processor Review Checklist

Download Annex K - Sample of a Privacy Policy Statement

Download Annex L - Differences Between NGOs with More Resources and NGOs with Limited Resources