Scribd
Upload
37 views17 pages

Topic 9 Privacy

Uploaded by

yum27557
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
37 views17 pages

Topic 9 Privacy

Uploaded by

yum27557
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

Topic 9

Privacy
OVERVIEW

• Cap. 486 Personal Data (Privacy) Ordinance


• Schedule 1 Data Protection Principles
• Office of the Privacy Commissioner for Personal Data, Hong Kong
• https://www.pcpd.org.hk/index.html
PERSONAL DATA (PRIVACY) ORDINANCE

Section 2 Interpretation
personal data (個人資料) means any data—

(a) relating directly or indirectly to a living individual;


(b) from which it is practicable for the identity of the individual to be directly or indirectly
ascertained; and
(c) in a form in which access to or processing of the data is practicable;
PRINCIPLE 1—PURPOSE AND MANNER OF
COLLECTION OF PERSONAL DATA
(1) Personal data shall not be collected unless—
(a) the data is collected for a lawful purpose directly related to a function or activity of the
data user who is to use the data;
(b) subject to paragraph (c), the collection of the data is necessary for or directly related to
that purpose; and
(c) the data is adequate but not excessive in relation to that purpose.
PRINCIPLE 1—PURPOSE AND MANNER OF
COLLECTION OF PERSONAL DATA
(2) Personal data shall be collected by means which are—
(a) lawful; and
(b) fair in the circumstances of the case.
EASTWEEK PUBLISHER LTD V PRIVACY COMMISSIONER
FOR PERSONAL DATA [2000] 2 HKLRD 83
Fact:
A photographer took a photo of a lady on the street.
The lady did not know about the photo.
The magazine released the photo and commented on her fashion sense.
The magazine did not know the identity of the lady. The lady complained to the Privacy
Commissioner.
Issue:
Whether there was a breach of Principle I(2)(b)?
CATHAY PACIFIC AIRWAYS LTD V ADMINISTRATIVE APPEAL
BOARD [2008] 5 HKLRD 539
Fact:
The airline investigated on some cabin crews who always took sick leave.
The airline asked them to provide medical records.
For those who did not provide the medical records, the airline could issue warning and also
terminate the employment contract. (disciplinary action)
Issue:
Whether there was a breach of Principle I(2)(b)?
PRINCIPLE 2—ACCURACY AND DURATION OF
RETENTION OF PERSONAL DATA
(1) All practicable steps shall be taken to ensure that—
(a) personal data is accurate having regard to the purpose (including any directly related purpose) for which
the personal data is or is to be used;
(2) All practicable steps must be taken to ensure that personal data is not kept longer than is necessary for
the fulfillment of the purpose (including any directly related purpose) for which the data is or is to be
used. (Amended 18 of 2012 s. 40)
Case Study:
(https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2018C07&content_type=2&
content_nature=0&msg_id2=494)
PRINCIPLE 3 — USE OF PERSONAL DATA

(1) Personal data shall not, without the prescribed consent of the data subject, be used for a
new purpose.
(3) A data user must not use the personal data of a data subject for a new purpose even if the
prescribed consent for so using that data has been given under subsection (2) by a relevant
person, unless the data user has reasonable grounds for believing that the use of that data for
the new purpose is clearly in the interest of the data subject.
Case Study:
(https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2019C08&conte
nt_type=3&content_nature=0&msg_id2=505)
PRINCIPLE 4 — SECURITY OF PERSONAL DATA

(1) All practicable steps shall be taken to ensure that any personal data (including data in a
form in which access to or processing of the data is not practicable) held by a data user is
protected against unauthorized or accidental access, processing, erasure, loss or use having
particular regard to

Case Study:
(https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2019C09&c
ontent_type=4&content_nature=0&msg_id2=506)
PRINCIPLE 5—INFORMATION TO BE GENERALLY
AVAILABLE
All practicable steps shall be taken to ensure that a person can—
(a) ascertain a data user’s policies and practices in relation to personal data;
(b) be informed of the kind of personal data held by a data user;
(c) be informed of the main purposes for which personal data held by a data user is or is to
be used. (Amended 18 of 2012 s. 40)
Case Study:
(https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2000A02&c
ontent_type=17&content_nature=0&msg_id2=186)
PRINCIPLE 6—ACCESS TO PERSONAL DATA

A data subject shall be entitled to—

(a) ascertain whether a data user holds personal data of which he is the data subject;
(b) request access to personal data

Case Study:
(https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2019C04&c
ontent_type=7&content_nature=0&msg_id2=501)
WU KIT PING V ADMINISTRATIVE APPEALS BOARD (2007)
HCAL 60/2007
Fact:
A patient complained to the Department of Health that there was an wrong diagnosis of her condition.
The patient then requested the DOH to provide statements or explanations concerning her treatment.
The DOH provided the documents but the patient found that the names of the concerned doctors in the
report were omitted. Some statements were also removed from the documents.
The patient took the case to the court.
Held:
The court held that the patient could not have access to the names of the doctors but she could have
access to the statements that were related to the patient.
CONSEQUENCES OF BREACHING THE PRINCIPLE

• Make a complaint to the commissioner


• Enforcement notice (if not complied, fine and imprisonment)
• Litigation (Damages)
TUTORIAL QUESTION
Company A possessed some customer information for the customer’s e-payment service.
The company transferred the customer information to other companies but did not
disclose the said transfer to the customers.
TUTORIAL QUESTION
Job advertisement
Recruitment of driver
Hourly rate HKD100
Flexible working hours
Submit your personal data to this PO Box Number
TUTORIAL QUESTION
You joined a travel tour and the travel agent sent an email to all 20 members in the tour
about the confirmed details of the trip including your name, date of birth and passport
number.

You might also like