MISSION STATEMENT To secure the protection of privacy of the individual with respect to personal data through promotion, monitoring and supervision of compliance with the Ordinance.
WHO WE ARE personal data. The Ordinance was first enacted in 1995 and amended in 2012. The 3
FUNCTIONS AND DUTIES OF THE PRIVACY COMMISSIONER FOR PERSONAL DATA conferred upon him under the Ordinance including promoting, monitoring and supervising compliance with the Ordinance, as well as
ABOUT THE ORDINANCE The Ordinance aims to protect the privacy rights of a person's personal data i.e. recorded information relating directly or indirectly who controls the collection, holding, processing or use of the personal data shall comply with the requirements under the Ordinance. 5
WHAT IS PERSONAL DATA records and employment records. WHO IS A DATA SUBJECT
WHO IS A DATA USER with other persons, controls the collection, holding, processing or use act of its authorised data processor. RIGHTS TO BE ENJOYED UNDER THE ORDINANCE right to give only necessary data right to fair collection for lawful purpose right to data accuracy right to withhold consent to change of use right to data security right of access right of correction 7
SIX DATA PROTECTION PRINCIPLES represent the normative core of the Ordinance and cover the entire life cycle of a piece of personal data. DPP 1 Collection Purpose & Means Personal data must be collected in a lawful and fair way, for a purpose directly related to a function/activity of the data user. All practicable steps shall be taken to notify the data subjects of the purpose of data collection, and the classes of persons to whom the data may be transferred. Data collected should be necessary but not excessive. DPP 2 Accuracy & Retention Personal data is accurate and is not kept for a period longer than is necessary to
DPP 3 Use Personal data is used for the purpose for which the data is collected or for a directly related purpose, unless voluntary and explicit consent is obtained from the data subject. DPP 4 Security A data user needs to take practical steps to safeguard personal data from unauthorised or accidental access, processing, erasure, loss or use. DPP 5 Openness A data user must make known to the public its personal data policies and practices, types of personal data it holds and how the data is used. DPP 6 Data Access & Correction A data subject must be given access to his personal data and to make corrections where the data is inaccurate. 9
HOW TO LODGE A COMPLAINT? of the party complained against, and full particulars of the case with COMPLAINT HANDLING 10
the party complained against to determine whether a prima facie case to undertake a formal investigation if the suspected contravention data user is contravening or has contravened a requirement under the decide whether or not to serve on the data user an enforcement notice. The notice will direct the relevant data user to take such steps (including enforcement notice, intentionally does the same act or makes the same refer the case to the police for investigation and prosecution. LEGAL ASSISTANCE grant legal assistance to the aggrieved individual who intends to institute proceedings to seek compensation. 11
COMPLAINT HANDLING CHART Nature the Ordinance of the Ordinance Ordinance other than 12 Notice or Warning Non-compliance with enforcement notice on a data user who has contravened a requirement under the Ordinance, an individual who suffers contravention, may seek compensation from the data assistance to the aggrieved individual who intends to institute proceedings to seek compensation.
HOW TO MAKE A DATA ACCESS REQUEST? a data user, e.g. a government department or a company, to ascertain whether it holds his personal data and to request a copy To make a data access request under the Ordinance, an individual or simply specify that his request is made under the Ordinance. PROMOTION AND PUBLIC EDUCATION programmes 13
Organising seminars and presentations for organisations to educate them on the requirements under the Ordinance Ordinance DATA PROTECTION OFFICERS' CLUB ("DPOC") protection officers with a platform for advancing the knowledge and
COPYRIGHT DISCLAIMER
TEL FAX ADDRESS EMAIL enquiry@pcpd.org.hk