Governance

 

From day one, The Hong Kong Federation of Insurers (HKFI) has attached great importance to data privacy protection in line with public expectations.  The IFPCD fully embraces the concept of privacy-by-design in respect of system architecture and operations. 

An independent Steering Committee comprising of distinguished community leaders and experts in related fields is set up to oversee the proper establishment and operations of the IFPCD to ensure that public interest is well safeguarded.

Steering Committee

  • To advise on and oversee the setting up and implementation of the IFPCD to ensure that:
  • The construction of the system fully adheres to the cardinal principle of data privacy protection by design;
  • It has a proper and effective governance structure on risks control and risks mitigation;
  • Effective controls and operating procedures are in place to protect personal data privacy;
  • It is fit for the purpose in detecting potential frauds particularly those involving syndicates;
  • It operates on the principles of accountability, transparency and independent auditing.


Chairman:

Mr Edward Chan King Sang, SC
Barrister at Law

Non-industry Members:

Professor Chan Wai Sum
Professor of Finance of the Chinese University of Hong Kong

Mr Allan Chiang
Barrister-at-Law, Adjunct Professor at University of Hong Kong

Dr K P Chow
Associate Professor of the Department of Computer Science of the University of Hong Kong

Mr Fred Li
Former Legislative Councillor

Dr Laurence S L Shek
Specialist in Internal Medicine, Vice President of the University of Hong Kong Medical Alumni Association

Mr Simon Wong
Chief Executive Officer of Logistics and Supply Chain MultiTech R & D Centre Limited

Industry Members:

Mr Praveen Daswani
Local Chief Executive & Branch Manager, Hong Kong of Utmost Worldwide Limited

Mr Harry Wong
Director of Hong Leong Insurance (Asia) Limited

 

Data Privacy

  • We will be collecting the following data when a new claim is filed.:
    1. Policy information – e.g. policy number, client ID
    2. Claims information – e.g. date of accident, date of treatment
    3. Personal data – e.g. ID / passport number, name, date of birth
    4. Third party data – e.g. healthcare provider, repair shop
  • Access to the IFPCD – authorized access only with audit trail
  • Data Retention – limited to 7 years
  • Transparency – data subject can access their own personal data in the IFPCD and request to make correction
  • Accountability – governance structure & sanction for non-compliance insurance companies
  • Audit – annual and periodic audit by independent party
  • Data Privacy – Full compliance with Personal Data (Privacy) Ordinance and European Union's General Data Protection Regulation

 

Data Security

The IFPCD AI technology is provided by Shift Technology, a French Company based in Paris with an office in Hong Kong. Shift Technology has confirmed that:

  • the IFPCD is European Union (EU) - General Data Protection Regulation (GDPR) compliant.
  • the IFPCD uses highly secured technology including a restrictive firewall, service separation (databases/processing clusters/web interfaced), and all data transfer is encrypted.
  • the systems are subject to regular penetration tests.
  • there are also stringent controls over the access of data by authorized personnel with specific security badges, connection audits and security rules in place.
  • the Certified Datacentre IFPCD employs is in Hong Kong with physical protections, isolated on a dedicated network that meets SOC1, SOC2 and ISO27001 standards.