All practicable steps
shall be taken to ensure that personal data (including data in a form
in which access to or processing of the data is not practicable) held
by a data user are protected against unauthorized or accidental access,
processing, erasure or other use having particular regard to-
(a)
the
kind of data and the harm that could result if any of those things
should occur;
(b)
the
physical location where the data are stored;
(c)
any
security measures incorporated (whether by automated means or otherwise)
into any equipment in which the data are stored;
(d)
any
measures taken for ensuring the integrity, prudence and competence
of persons having access to the data, and
(e)
any
measures taken for ensuring the secure transmission of the data.
5. Principle 5 - information
to be generally available
All practicable steps
shall be taken to ensure that a person can-
(a)
ascertain
a data user's policies and practices in relation to personal data;
(b)
be
informed of the kind of personal data held by a data user;
(c)
be
informed of the main purposes for which personal data held by a data
user are or are to be used.
6. Principle 6 - access to personal
data
A data subject shall
be entitled to-
(a)
ascertain
whether a data user holds personal data of which he is the data subject;
(b)
request access
to personal data-
within a
reasonable time;
at a fee,
if any, that is not excessive;
in a reasonable
manner; and
in a form
that is intelligible;
(c)
be
given reasons if a request referred to in paragraph (b) is refused;
(d)
object
to a refusal referred to in paragraph (c);
(e)
request
the correction of personal data;
(f)
be
given reasons if a request referred to in paragraph (e) is refused,
and
Notice/
Copyright 2001 Office of the Privacy Commissioner for Personal
Data, Hong Kong. All rights reserved. Disclaimer
