Somewhat of a furor has been caused in Hong Kong by the decision of the Office of the Privacy Commissioner for Personal Data to issue an enforcement notice to stop a company from supplying data on individuals obtained from publicly available litigation and bankruptcy records via a smartphone application, claiming that the company “seriously invaded” the privacy of those individuals.
Gabriela Kennedy
In Hong Kong, When Is Public Data Actually Private Data?
Hong Kong Issues Clearer Guidance on Privacy Notices
On July 29, the Hong Kong Office of the Privacy Commissioner for Personal Data has issued a new guidance note on preparing Personal Information Collection Statements and Privacy Policy Statements. The guidance note is intended to help organizations prepare clear and informative privacy notices in order to comply with the requirements under the Personal Data (Privacy) Ordinance and the Data Protection Principles.
Hong Kong Privacy Commissioner Joins International Review of Transparency and Mobile Apps
In May 2013, the Hong Kong Privacy Commissioner for Personal Data joined the Global Privacy Enforcement Network to conduct a privacy review to evaluate the transparency in the collection and use of personal data online, with a focus on Apps. This follows from the Privacy Commissioner’s issuance of an Information Leaflet in November 2012, which provides practical guidance aimed at App developers on how to comply with the Hong Kong Personal Data (Privacy) Ordinance Cap. 486. There is clearly a rising concern among both the Privacy Commissioner and the public on the collection and use of personal data through the use of Apps by App providers, both in Hong Kong and worldwide.
Hong Kong Privacy Commissioner for Personal Data Publishes “New Guidance on Direct Marketing”
On January 25, 2013 the Hong Kong Privacy Commissioner for Personal Data published its “New Guidance on Direct Marketing” to help organizations comply with the direct marketing provisions of the Personal Data Amendment Ordinance. The “Amendment Ordinance” was passed on June 27, 2012; while most of its provisions have already been implemented, the provisions relating […]
New Companies Ordinance to Restrict Access to Personal Data of Directors and Company Secretaries
The Hong Kong Government commenced the rewrite of the Companies Ordinance in 2006 with a view to modernising Hong Kong’s company law. The new Companies Ordinance (the “New Ordinance”, a copy of which can be accessed here) was passed by the Legislative Council on 12 July 2012 and gazetted on 10 August 2012. Among the […]
An Enhancement of Privacy Rights in Australia
The Privacy Amendment (Enhancing Privacy Protection) Act (the “Reform Act“) was passed by the Australian Parliament in November 2012. The Reform Act marks the culmination of a lengthy amendment process which began in 2006 with a comprehensive review of the Privacy Act 1988 (the “Privacy Act“) and related laws by the Australian Law Reform Commission […]
Hong Kong Privacy Commissioner Publishes Revised Guidance on Collection of Fingerprint Data
The Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note entitled “Guidance on Collection of Fingerprint Data” to provide guidance to data users on how to comply with the Personal Data (Privacy) Ordinance when collecting fingerprint data. The Guidance Note elaborates on a guidance note published by the Commissioner in 2007 in light of the Commissioner’s views adopted in relation to numerous enquiries and investigations relating to the collection of fingerprint data since the 2007 Guidance Note was issued.
Hong Kong Privacy Commissioner Publishes Guidance on the Handling of Data Access Requests and the Charging of Access Fees
In Hong Kong, an individual’s right to make an Access Request is expressly conferred by section 18of the Personal Data (Privacy) Ordinance which enables individuals to ascertain whether data users hold any personal data relating to them, and if so, to obtain a copy of such data. Individuals also have the right to request the correction of any inaccuracies contained in such data. Data users are required under the Ordinance to notify individuals of such access/correction rights, on or before the first use of their personal data. As described in this blog entry, the Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note titled “Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users” to provide data users with guidance on how to comply with data access requests as well as how to calculate the fees to be charged in connection with such Access Requests.
Hong Kong Personal Data (Privacy)Ordinance Amendment Prompts Reviews of Data Protection Policies and Practices
The Hong Kong Personal Data (Privacy) Amendment Ordinance was passed on 27 June 2012. This ends a nearly three year process initially spurred by the need to bring the existing legislation in line with technological and other advancements that occurred since it was enacted in 1996.
Hong Kong’s Privacy Commissioner Publishes Guidance Note on Personal Data Erasure and Anonymisation
Organisations in Hong Kong are required under the Personal Data (Privacy) Ordinance to erase personal data when the data is no longer required for the purpose for which it was collected.
The Hong Kong Privacy Commissioner for Personal Data recently has published a Guidance Note, entitled “Guidance on Personal Data Erasure and Anonymisation,” which is relevant to compliance under the Ordinance.
Hong Kong Guidance on the Use of Portable Storage Devices
Late last year, the Hong Kong Privacy Commissioner for Personal Data published a Guidance Note to assist data users with properly handling and protecting personal data contained in portable storage devices, including USB memory sticks, tablet/notebook computers, mobile/smart phones, personal digital assistants, portable hard drives and optical discs such as DVDs. This post reviews practical recommendations set forth by the Privacy Commissioner to help data users manage the security risks associated with the use of portable storage devices.
Investigation Into Car Park Management Company’s Collection of Vehicle Owners’ Registration Particulars for Direct Marketing
On 14 February 2012, the Hong Kong Privacy Commissioner published a report on an investigation into a car park management firm that owns 50 car parks in Hong Kong, regarding its collection of motorists’ registration particulars from the Transport Department’s Register of Vehicles, and the subsequent use of this information for direct marketing purposes. Imperial’s actions were found to contravene Data Protection Principles (“DPPs”) 1(2) (relating to manner of collection of personal data) and 3 (relating to use of personal data) of Schedule 1 to the Personal Data (Privacy) Ordinance (Cap. 486).
Privacy Commissioner Releases Findings on Investigations into Hong Kong Retail Banks
On 15 December 2011, the Privacy Commissioner for Personal Data published his final findings on investigations into the collection, retention and transfer of personal data by a number of retail banks in Hong Kong, launched in August 2010.
Hong Kong Considers Sharing of Consumer Mortgage Data with Credit Providers
The Hong Kong financial services industry (as represented by the Consumer Credit Forum) with support from Hong Kong’s financial regulator, the Hong Kong Monetary Authority, has recently issued proposals to widen the scope of the current credit data sharing scheme in Hong Kong, in order to allow additional mortgage data of consumers to be shared among credit providers. This blog entry describes the proposals.
Collection and use of personal data for direct marketing — Lessons from the Octopus Case in Hong Kong
Hong Kong Data protection is currently a hot topic in Hong Kong. This is largely due to the furor caused by the discovery of the large scale sale of personal data by Hong Kong’s Octopus Rewards Limited (a company owned by Octopus Holdings Limited) over a number of years. We reported previously that the Hong […]