Share This:

Aug 18 Legal Update

Share This:

Top stories

The Privacy Commissioner issued the revised Best Practice Guide on Privacy Management Programme, to assist organizations in constructing a comprehensive Privacy Management Programme (“PMP”). Given recent privacy leakage incidents and much heightened sensitivity surrounding privacy, the Guide is very useful in providing concrete examples, templates of various tools, and checklists for reference. (Click: full Guide; press release)

What you should know/do:

  • Assess your privacy programme: against PMP components, our summary below
    (P. 36 of the Guide):

    i. Organizational commitment
    — Buy-in from the top
    — Appointment of data protection officer
    — Establishment of reporting mechanisms

    ii. Programme controls
    Personal data inventory
    — Internal policies
    Risk assessment tools
    Handling of data breach incident

    iii. Ongoing assessment and revision

  • Should appoint a designated privacy protection officer: (i) a senior executive; (ii) responsible for designing and managing the PMP, including procedures, training, monitoring/auditing; (iii) assisted by a departmental privacy co-ordinator (section 1.2)
  • Should maintain an organization-wide personal data inventory, as information may be kept in various departments (section 2.1)
  • Tools for risk assessment: useful templates (section 2.3):
    Periodic risk assessment questionnaire for various departments
    Privacy impact assessment checklist — for new projects
  • Annual review of the programme: useful checklist (section 3)



Hot Trends


“5 ways to raise your board’s digital IQ”

“Refreshing the board” for the digital era does not mean technology skills alone!

Disruptive effect of technology means that we need directors that had experienced “significant changes in company business model” …

Other useful ideas:

  • “technology IQ assessment” for boards
  • new board agenda?
  • board training ideas



Also in this issue


(i) The Market Misconduct Tribunal’s new “false trading” case (a form of market misconduct). The former CEO of China AU Group Holdings Limited (the “Company”), and two close associates were found to have engaged inmarket misconduct” by way offalse trading” in the shares of the Company. (s.274(1), Securities and Futures Ordinance; other common forms of “market misconduct” include “insider dealing”) (Click: press release; full report)

The former CEO was found to have the overall direction of the scheme — whereby the other defendants bought and sold a substantial number of Company shares, to create the false impression of “active trading” in such shares, when the Company attempted a share placement exercise. The objective was to manipulate the share price, to demonstrate liquidity in the shares, thereby making them more attractive to potential investors.
What you should know/watch out for:

  • “False trading”: to ensure the market reflects the forces of genuine supply and demand
  • While the former CEO did not engage in trading of the shares, she “devised and directed” the scheme including providing provided funding to the other defendants
  • The other defendants (who were not known to each other) together used 14 trading accounts; bought and sold a substantial number of shares — “knowingly and actively assisted” the former CEO in false trading
  • Need actual intention or “reckless” — as to whether the trading has, or is likely to have the effect of creating a false or misleading appearance of “active trading”, or regarding the market for the securities or its price

This Update in PDF