PCO Office of the Privacy Commissioner for Personal Data, Hong Kong image image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  

The Ordinance at a GlanceThe Ordinance (Full Text)Code of Practice
Examples of PICS
image

The Ordinance
The Ordinance at a Glance
 
 

Objectives
Scope of Coverage
Commencement of Ordinance
Implications for Data Users and Data Subjects
The Privacy Commissioner for Personal Data
Data Protection Principles
Exemptions
Offences and Compensation

The Privacy Commissioner for Personal Data
The Office of The Privacy Commissioner for Personal Data is headed by the Privacy Commissioner of Personal Data who is appointed by the Chief Executive. His duties and powers include:

  • promoting the awareness and understanding of the Ordinance's requirements;
  • approving and issuing codes of practice giving practical guidance on compliance with the Ordinance;
  • approving requests from data users on automated matching of personal data;
  • specifying classes of data users required to submit annual returns and to compile a register of data users for public inspection;
  • inspection of personal data systems and making recommendations for compliance with provisions of the Ordinance; and
  • investigation of suspected breaches of the Ordinance's requirements and issuing enforcement notices to data users as appropriate.

Data Protection Principles
Principle 1 -- Purpose and manner of collection This provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from that subject.

Principle 2 -- Accuracy and duration of retention This provides that personal data should be accurate, up-to-date and kept no longer than necessary.

Principle 3 -- Use of personal data This provides that unless the data subject gives consent otherwise personal data should be used for the purposes for which they were collected or a directly related purpose.

Principle 4 -- Security of personal data This requires appropriate security measures to be applied to personal data (including data in a form in which access to or processing of the data is not practicable).

Principle 5 -- Information to be generally available This provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used.

Principle 6 -- Access to personal data This provides for data subjects to have rights of access to and correction of their personal data.

Exemptions
The Ordinance provides specific exemptions from the requirements of the Ordinance. They include:

  • a broad exemption from the provisions of the Ordinance for personal data held for domestic or recreational purposes;
  • exemptions from the requirements on subject access for certain employment related personal data; and
  • exemptions from the subject access and use limitation requirements of the Ordinance where their application is likely to prejudice certain competing public or social interests, such as: security, defence and international relations; prevention or detection of crime; assessment or collection of any tax or duty; news activities; and health.

Offences and Compensation
There are a variety of offences, for example non-compliance with an enforcement notice served by the Privacy Commissioner carries a penalty of a fine at Level 5 (at present $50,000) and imprisonment for 2 years.

An individual who suffers damage, including injured feeling, by reason of a contravention of the Ordinance in relation to his or her personal data may seek compensation from the data user concerned.

Back to top

Previous Page

  imageNotice/ Copyright © Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer
The contents of this website (including all uploaded publications) must be read subject to the Personal Data (Privacy) (Amendment) Ordinance 2012. Full Version