PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Press ReleasesSpeeches and Articles & PapersAnnouncement of Public Interest
Exhibition MaterialsOther Related WebsitesArchiveOther Resources
On-line Self TrainingSubmissions to Public Consultation
image

Information Centre
Response to media report on the suspected misuse of account data in promoting financial products by banks

 
Date: 20 October 2008

Response to media reports on the suspected misuse of account data in promoting financial products by banks

1.    In response to media reports on “Some groups were concerned about the use of account data in the promotion of financial products by banks, suspecting that personal data were misused”, the Office of the Privacy Commissioner for Personal Data (“the PCPD”) made the following response.

2.    From the perspective of personal data privacy, of relevance in this situation are the data protection principles of the Personal Data (Privacy) Ordinance (“the Ordinance”) on the collection and use of personal data.  Acting Privacy Commissioner for Personal Data, Ms. Bonnie Smith said, “We understand public’s concern for the suspected use of customers’ personal data in the promotion of financial products by banks.  As a regulator in protecting the personal data of the public, I am obliged to remind and assist the public and private sectors in the compliance of the Ordinance.”

3.    Generally speaking, the data protection principle on the collection of personal data provides that a data user can collect adequate but not excessive personal data by fair means in the circumstances of the case for a lawful purpose directly related to a function or activity of the data user.  Moreover, on or before collecting the data, the data user has to inform the data subject of the purpose for which the data are to be used, and the classes of persons to whom the data may be transferred. 

4.    Therefore, before providing their data to any organization, citizens should take note of its Personal Information Collection Statement and understand its purpose of collection.

5.    Moreover, the data protection principle on the use of personal data requires that personal data shall not, without prescribed consent of the data subject, be used for the purposes other than the purpose for which they were originally collected or a directly related purpose.

6.    The Ordinance also requires that when using personal data for direct marketing for the first time, the data user should inform the data subject that he can make an opt-out request to stop the use of his personal data for direct marketing.  If the individual has made such a request, the data user should stop using the data without any fee.  In this connection, the PCPD had published a fact sheet,“Personal Data Privacy: Guidelines on Cold-Calling” years ago to assist data users to comply with the Ordinance when using personal data for direct marketing.

7.    From the beginning of this year till now, the PCPD has received eight cases related to the use of personal data of the complainants for direct marketing without consent, and one of which was related to the banking industry, but after investigation, it was found that did not fall into the jurisdiction of the Ordinance.


END





 

Back to top

BackArchive

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer