Privacy Management Programme Manual for NGOs
Does your organization employ staff, or work with volunteers or clients? Do you ever collect personal information, such as names, addresses, or phone numbers? Do you know how to safeguard personal data and how to handle a data breach?
A concise, transparent, and easily accessible Privacy Policy not only gives peace of mind to the people you work with and serve, it is also a key step toward compliance under Hong Kong’s complex Personal Data (Privacy) Ordinance. The current version was updated on 29 April 2022.
Prepared in partnership with Morgan, Lewis & Bockius in Hong Kong, this Privacy Management Programme Manual (“Manual”) is specifically written with small Hong Kong NGOs in mind. It takes the guesswork out of the rollout process, with clearly-written templates that allow you to easily adjust the contents to your NGO’s circumstances, with specific guidance for both smaller and larger organizations.
Part of PILnet’s larger effort to help Hong Kong NGOs build a robust infrastructure, the Manual follows our Data Privacy and Cybersecurity resources introduced in late 2020.
Download Privacy Management Programme Manual
Download Annex A - Sample of a Personal Information Collection Statement
Download Annex B - Data Access and Correction Policy
Download Annex C- Data Access Request Form
Download Annex D- Personal Data Correction Request Form
Download Annex E- Complaints and Enquiries Handling Policy
Download Annex F- Sample of Personal Data Inventory
Download Annex G- Sample of Risk Assessment Questionnaire
Download Annex H- Sample of Privacy Impact Assessment Questionnaire
Download Annex I- Data Breach Information Sheet
Download Annex J- Data Processor Review Checklist
Download Annex K - Sample of a Privacy Policy Statement
Download Annex L - Differences Between NGOs with More Resources and NGOs with Limited Resources