Webinar - How to conduct PIA (Privacy Impact Assessment) and PCA (Privacy Compliance Assessment)

Topic

How to conduct PIA (Privacy Impact Assessment) and PCA (Privacy Compliance Assessment)

Speaker

Patrick Rozario is a Managing Director of Moore Hong Kong and heads up the firm's Advisory Services to help clients manage their risks and enhance their business operations.

Experience

Patrick has over 30 years’ experience working for large international accounting firms and in the commercial sector. Patrick has substantial experience working in the areas of governance and risk advisory. Patrick managed various internal audits, corporate governance, Sarbanes-Oxley, internal control and information technology advisory and assurance engagements for clients across different industries including banking, insurance, telecommunication and government in Hong Kong and China.

Patrick also worked in the commercial sector. He was project manager of a number of large-scale business process re-engineering and information systems implementation projects in the Asia-Pacific Region and in North America.

Other experience

Patrick was the Chairman of the organising committee for the HKICPA Best Corporate Governance Disclosure Awards 2013 to 2016. Between 2017 & 2023, he is the Chairman of the review panel of the Awards. Patrick is also a member of the Financial Reporting Review Panel of the Accounting and Financial Reporting Council (AFRC). 

Qualifications

Patrick received his Bachelor of Arts degree from Queen's University in Canada. Patrick is a Fellow of CPA Australia and a Certified Information System Auditor (CISA). He is also a member of the Institute of Internal Auditors (IIA).

Abstract

PIA (Privacy Impact Assessment) is an analysis of how personally identifiable information (PII) is handled to ensure compliance with appropriate regulations, determine the privacy risks associated with information systems or activities, and evaluate ways to reduce the privacy risks.

The PIA includes the following tasks:

1) Data processing cycle analysis – it enables a data user to identify the key areas of privacy concerns and focus its attention on addressing these concerns – in ensuring that personal data is collected on a fully informed basis and in a fair manner, with due consideration towards minimising the amount of personal data collected. Once collected, the personal data should be maintained and processed in a secure manner and should only be kept for as long as necessary for the fulfilment of the purposes of using the data. Use of the data should be limited to or related to the original collection purpose. Data Subjects are given the right to access and make corrections to their data;

2) Privacy risks analysis - specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving the Privacy Information Management System (‘PIMS’).

3) Avoiding or mitigating privacy risks - privacy risks should be avoided or mitigated to protect the personal data against indiscriminate or unauthorised access, processing, erasure, loss or use; and

4) PIA reporting – it records the due process undertaken by a data user to proactively manage the privacy risks.

PCA (Privacy Compliance Assessment) reviews the information systems and to verify the status after implementation of recommended safeguards to ensure that all privacy risks identified have been eradicated or mitigated or reduced to an acceptable level with regard to the recommendations provided in the PIA Report.

Date

27 June 2024, Thursday

Time

6:00pm – 7:00pm

Online Platform

Zoom

Language

Conducted in English

CPE Hour

(One hour)

Only for those who have participated in the event for 50 minutes or more

The Chapter will report your CPE Hour directly to the ISACA HQ. To facilitate the process, please ensure the registration form is correctly completed with:

[Attention: For CPE Entitlement]

1. Provide a valid ISACA ID (6 or 7 digits, but not certification number)

2. Name (Identical to ISACA record)

3. Email (Identical to ISACA record)

4. Apply your CPE hour after the chapter has uploaded your CPE hour to ISACA website (Email notification from the chapter will be sent within a week after the event)

5. If you provide an invalid ISACA ID, you will be removed from the registration list.

We will keep you informed once CPE recording to ISACA is completed. To check your ISACA ID, please log in your account at www.isaca.org.

Fees

• ISACA Member: Free of Charge
• Member of ACFEHK/ HKCS/ HKICPA/ CPA Canada/ IIAHK/ ASISHK: HK$150
• Non Member: HK$300

Deadline

By 5pm on 25 June 2024 (Tuesday)

Registration

• ISACA Member: Online Registration via Zoom
  
  
• Non-Member or member of ACFEHK/ HKCS/ HKICPA/ CPA Canada/ IIAHK/ ASISHK, please email events@isaca.org.hk  and provide your name, email address and respective membership number.

Registration Confirmation

Once you have completed the registration, you will immediately receive an email from Zoom showing the access details - ‘Time’, ‘Meeting ID’, ‘Passcode’, and also there is a ‘Add to calendar’

Zoom Access Information

On the date of the event, download the Zoom Apps to access the zoom meeting with the 'Meeting ID' and 'Password' provided in the Zoom email.

Remarks

• The webinar starts at 6pm sharp. If you signed in before 6pm, please wait for admission at the ‘Waiting Room’.
• Please be reminded that for CPE hour entitlement, you have to be present for the event for at least 50 minutes.
• Please do not share the zoom details to third party as the provided information is exclusive to registrants only.

Enquiries

Please contact our Administrative Team at (+852) 2528 3772 or email to events@isaca.org.hk