Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Gabriela Kennedy

Posts by Gabriela Kennedy
Posted in Consumer Privacy, International/EU Privacy, Privacy & Security Litigation

In Hong Kong, When Is Public Data Actually Private Data?

Somewhat of a furor has been caused in Hong Kong by the decision of the Office of the Privacy Commissioner for Personal Data to issue an enforcement notice to stop a company from supplying data on individuals obtained from publicly available litigation and bankruptcy records via a smartphone application, claiming that the company “seriously invaded” the privacy of those individuals.

Posted in Consumer Privacy, International/EU Privacy

Hong Kong Issues Clearer Guidance on Privacy Notices

On July 29, the Hong Kong Office of the Privacy Commissioner for Personal Data has issued a new guidance note on preparing Personal Information Collection Statements and Privacy Policy Statements. The guidance note is intended to help organizations prepare clear and informative privacy notices in order to comply with the requirements under the Personal Data (Privacy) Ordinance and the Data Protection Principles.

Posted in Consumer Privacy, International/EU Privacy

Hong Kong Privacy Commissioner Joins International Review of Transparency and Mobile Apps

In May 2013, the Hong Kong Privacy Commissioner for Personal Data joined the Global Privacy Enforcement Network to conduct a privacy review to evaluate the transparency in the collection and use of personal data online, with a focus on Apps. This follows from the Privacy Commissioner’s issuance of an Information Leaflet in November 2012, which provides practical guidance aimed at App developers on how to comply with the Hong Kong Personal Data (Privacy) Ordinance Cap. 486. There is clearly a rising concern among both the Privacy Commissioner and the public on the collection and use of personal data through the use of Apps by App providers, both in Hong Kong and worldwide.

Posted in Consumer Privacy, International/EU Privacy

Hong Kong Privacy Commissioner for Personal Data Publishes “New Guidance on Direct Marketing”

On January 25, 2013 the Hong Kong Privacy Commissioner for Personal Data published its “New Guidance on Direct Marketing” to help organizations comply with the direct marketing provisions of the Personal Data Amendment Ordinance. The “Amendment Ordinance” was passed on June 27, 2012; while most of its provisions have already been implemented, the provisions relating […]

Posted in Cybersecurity & Data Breaches, International/EU Privacy

New Companies Ordinance to Restrict Access to Personal Data of Directors and Company Secretaries

The Hong Kong Government commenced the rewrite of the Companies Ordinance in 2006 with a view to modernising Hong Kong’s company law. The new Companies Ordinance (the “New Ordinance”, a copy of which can be accessed here) was passed by the Legislative Council on 12 July 2012 and gazetted on 10 August 2012. Among the […]

Posted in Consumer Privacy

An Enhancement of Privacy Rights in Australia

The Privacy Amendment (Enhancing Privacy Protection) Act (the “Reform Act“) was passed by the Australian Parliament in November 2012. The Reform Act marks the culmination of a lengthy amendment process which began in 2006 with a comprehensive review of the Privacy Act 1988 (the “Privacy Act“) and related laws by the Australian Law Reform Commission […]

Posted in Cybersecurity & Data Breaches

Hong Kong Privacy Commissioner Publishes Revised Guidance on Collection of Fingerprint Data

The Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note entitled “Guidance on Collection of Fingerprint Data” to provide guidance to data users on how to comply with the Personal Data (Privacy) Ordinance when collecting fingerprint data. The Guidance Note elaborates on a guidance note published by the Commissioner in 2007 in light of the Commissioner’s views adopted in relation to numerous enquiries and investigations relating to the collection of fingerprint data since the 2007 Guidance Note was issued.

Posted in International/EU Privacy

Hong Kong Privacy Commissioner Publishes Guidance on the Handling of Data Access Requests and the Charging of Access Fees

In Hong Kong, an individual’s right to make an Access Request is expressly conferred by section 18of the Personal Data (Privacy) Ordinance which enables individuals to ascertain whether data users hold any personal data relating to them, and if so, to obtain a copy of such data. Individuals also have the right to request the correction of any inaccuracies contained in such data. Data users are required under the Ordinance to notify individuals of such access/correction rights, on or before the first use of their personal data. As described in this blog entry, the Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note titled “Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users” to provide data users with guidance on how to comply with data access requests as well as how to calculate the fees to be charged in connection with such Access Requests.

Posted in International/EU Privacy

Hong Kong’s Privacy Commissioner Publishes Guidance Note on Personal Data Erasure and Anonymisation

Organisations in Hong Kong are required under the Personal Data (Privacy) Ordinance to erase personal data when the data is no longer required for the purpose for which it was collected.
The Hong Kong Privacy Commissioner for Personal Data recently has published a Guidance Note, entitled “Guidance on Personal Data Erasure and Anonymisation,” which is relevant to compliance under the Ordinance.

Posted in Cybersecurity & Data Breaches

Hong Kong Guidance on the Use of Portable Storage Devices

Late last year, the Hong Kong Privacy Commissioner for Personal Data published a Guidance Note to assist data users with properly handling and protecting personal data contained in portable storage devices, including USB memory sticks, tablet/notebook computers, mobile/smart phones, personal digital assistants, portable hard drives and optical discs such as DVDs. This post reviews practical recommendations set forth by the Privacy Commissioner to help data users manage the security risks associated with the use of portable storage devices.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Investigation Into Car Park Management Company’s Collection of Vehicle Owners’ Registration Particulars for Direct Marketing

On 14 February 2012, the Hong Kong Privacy Commissioner published a report on an investigation into a car park management firm that owns 50 car parks in Hong Kong, regarding its collection of motorists’ registration particulars from the Transport Department’s Register of Vehicles, and the subsequent use of this information for direct marketing purposes. Imperial’s actions were found to contravene Data Protection Principles (“DPPs”) 1(2) (relating to manner of collection of personal data) and 3 (relating to use of personal data) of Schedule 1 to the Personal Data (Privacy) Ordinance (Cap. 486).

Posted in International/EU Privacy

Hong Kong Considers Sharing of Consumer Mortgage Data with Credit Providers

The Hong Kong financial services industry (as represented by the Consumer Credit Forum) with support from Hong Kong’s financial regulator, the Hong Kong Monetary Authority, has recently issued proposals to widen the scope of the current credit data sharing scheme in Hong Kong, in order to allow additional mortgage data of consumers to be shared among credit providers. This blog entry describes the proposals.

Posted in Cybersecurity & Data Breaches

Collection and use of personal data for direct marketing — Lessons from the Octopus Case in Hong Kong

Hong Kong   Data protection is currently a hot topic in Hong Kong. This is largely due to the furor caused by the discovery of the large scale sale of personal data by Hong Kong’s Octopus Rewards Limited (a company owned by Octopus Holdings Limited) over a number of years. We reported previously that the Hong […]