Privacy Commissioner for Personal Data’s 2008-09 Annual Report Tabled in the Legislative Council
1. The Privacy Commissioner for Personal Data’s
2008-09 Annual Report was tabled in the Legislative Council yesterday
(16 December).
2. The Office of the Privacy Commissioner for
Personal Data (“the PCPD”) received a total of 824 complaint cases, and
14,738 enquiries (a 17% increase compared with the previous year) in
the year. 620 complaints were against private sector
organizations; 111 were against public sector organizations and the
remaining 93 were against individuals.
3. In the complaints against private sector
organizations, most of them were against financial institutions (146
cases), followed by telecommunications (97 cases) and property
management (88 cases).
4. Most of the complainants complained that their
personal data had been used without their consent (426 cases).
Other complaints were related to data collections and purposes (259
cases), and data security (172 cases).
5. Regarding the outcome of investigations, of the
799 cases completed during the year, 37 cases were resolved after
formal investigations; 89 cases were resolved through mediation; 46
cases were withdrawn by complainants during the preliminary enquiries;
334 cases were found to have no prima facie case; 73 cases were found
to be unsubstantiated after enquiries with the parties being complained
against; 111 cases were outside the jurisdiction of the Personal Data
(Privacy) Ordinance; and the remaining 109 cases involved mostly
complaints where the complainants did not respond to the Privacy
Commissioner’s inquiries or where the matter had been transferred or
reported to other authorities.
6. The Privacy Commissioner issued 14 enforcement
notices during the year directing the relevant data users to take
specified remedial actions to rectify the contraventions. The
Privacy Commissioner also issued 13 warning letters and provided advice
and/or recommendations to 34 organizational data users.
7. A series of leakages of patients’ data by public
hospitals occurred during the year. The Privacy Commissioner
exercised his inspection power for the first time and inspected the
Hospital Authority’s patients’ data security system. After the
inspection, the Privacy Commissioner published a report giving 37
recommendations to the Hospital Authority to help the Authority improve
its patients’ data security system from the perspective of data
protection.
8. The PCPD operates with maximum permissible
transparency. Some complaint cases were summarized in the Annual
Report. For more information and reports, please visit the PCPD’s
website (www.pcpd.org.hk).
9. The PCPD’s last two Annual Reports won the Bronze
Prizes in the 18th and 19th International Astrid Awards. The
theme of this year’s Annual Report is “The Art of Promoting Privacy
Rights”, highlighting the statutory role of the Privacy Commissioner to
promote awareness of personal data privacy. Last year, the PCPD
worked with overseas and local allies in organizing the second Privacy
Awareness Week and the second industry-wide privacy campaign (this time
for the estate agency trade).
10. The Privacy Commissioner, Mr. Roderick B. Woo, has
prepared a Work Report which is intended to serve as a companion to the
Annual Report. Mr. Woo said, “I commenced work as the Privacy
Commissioner for Personal Data in August 2005. Of the term of
five years, four and a half years have passed and it is time to present
my end-of-term Work Report. The Work Report contains my review
and some forward-looking views.”
11. Mr. Woo said, “In the past four and a half years,
though the volume and complexity of work exceeded all expectations, I
have been happy to take on all challenges and play the role of privacy
guardian with zest. I hope that the Government will allocate more
resources to the Privacy Commissioner to perform more effectively in
fulfillment of the public’s reasonable expectation.”
12. The Annual Report and the Privacy Commissioner's Work Report are available on the PCPD's website (www.pcpd.org.hk).
END