PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
 Liberal Studies
image
Privacy Zone for Youngsters
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Media StatementSpeeches and Articles & PapersMulti-media Information
Exhibition MaterialsOther Related WebsitesArchiveOther Resources
On-line Self TrainingSubmissions to Public Consultation
image

Information Centre
A data user convicted for failing to comply with Enforcement Notice

 
 


Date: 17 December  2008
A data user convicted for failing to comply with Enforcement Notice

1.    A data user who was found guilty of failing to comply with an Enforcement Notice (“EN”) served on him by the Privacy Commissioner under section 50(1) of the Personal Data (Privacy) Ordinance was fined $5,000 today (17 December) by a magistrate sitting at Tuen Mun Magistracy.

2.    The case arose from a complaint lodged with the Privacy Commissioner by Mr. X (who was formerly the supervisor of the data user) that the data user had secretly tape recorded their conversation during a lunch meeting and subsequently uploaded the recording which contained the personal data of Mr. X on a number of websites and online forums.

3.    Upon completion of an investigation, the Privacy Commissioner formed the view that the data user had contravened Data Protection Principle 3 (“DPP3”) in Schedule 1 to the Ordinance in relation to his disclosure of Mr. X’s personal data.  An EN was served on the data user directing him to remove the recording from the websites and online forums.

4.    Data Protection Principle 3 of the Personal Data (Privacy) Ordinance stipulates that unless with the prescribed consent of the data subject, personal data shall only be used for the original purpose of use at the time of collection or its directly related purpose.  In this case, the Privacy Commissioner was of the view that the disclosure of Mr. X’s personal data on the Internet by the data user for public access without the prior consent of Mr. X was contrary to DPP3.

5.    The data user did not comply with the EN but lodged an appeal with the Administrative Appeals Board (“AAB”) against the Commissioner’s decision.  In April 2007, AAB dismissed the data user’s appeal.  Following that, the Privacy Commissioner required the data user to comply with the EN.  Still, the data user failed to do so.

6.    The case was then referred to the police for prosecution under section 64(7) of the Ordinance.

7.    The Privacy Commissioner Mr. Roderick B Woo said, “I would like to draw the public’s attention to the fact that while a contravention of a data protection principle is generally not a criminal offence under the Ordinance but a data user who fails to comply with an enforcement notice commits a criminal offence and is liable on conviction to a maximum fine of $50,000 and imprisonment for 2 years and, in the case of a continuing offence, to a daily penalty of $1,000.”

END

 

Back to top

BackArchive

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer