PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
 Liberal Studies
image
Privacy Zone for Youngsters
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
The Ordinance at a GlanceThe Ordinance (Full Text)Code of Practice
Examples of PICS
image

The Ordinance
Code of Practice on the Identity Card Number and other Personal Identifiers
 

The following paragraph seeks to give practical effect to the Personal Data Use Limitation Principle (Data Protection Principle 3):

2.6

Subject to any applicable exemption from Data Protection Principle 3 in the Ordinance, a data user who has collected the identity card number of an individual should not use it for any purpose except:

2.6.1

for the purpose for which it was collected pursuant to clause 2.3;
Note: Where a data user has collected an ID card number for more than one purpose pursuant to clause 2.3, it may use the number for any of those purposes. For example, an employer who has collected the ID number of an employee may use such number to show its compliance with the relevant statutory requirement. It may also use such number for providing medical insurance to the employee in advancement of his interest.
2.6.2 in carrying out a "matching procedure" permitted under section 30 of the Ordinance;
2.6.3 for linking, retrieving or otherwise processing records held by it relating to the individual;
2.6.4 for linking, retrieving or otherwise processing records relating to the individual held by it and another data user where the personal data comprised in those records have been collected by the respective data users for one particular purpose shared by both;
Note: For example, employees' ID card numbers may be used for the linking of their records held by different data users under the Mandatory Provident Fund system. On the other hand, customers records held by two banks which comprise of personal data collected by each one of them for the purpose of marketing its own services should not be linked via ID card numbers contained in such records.
2.6.5 for a purpose required or permitted by any other code of practice from time to time in force under section 12 of the Ordinance; or
2.6.6 for a purpose to which the holder of the identity card has given his prescribed consent.
Note: Under sections 2(3) of the Ordinance, "prescribed consent" means express consent given voluntarily which has not been withdrawn by notice in writing.

Back to top

Previous PageimageNext Page

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer