PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
The Ordinance at a GlanceThe Ordinance (Full Text)Code of Practice
Examples of PICS
image

The Ordinance
The Ordinance (Full Text)
 

CHAPTER 486
PERSONAL DATA (PRIVACY) ORDINANCE

SCHEDULE 1 [s. 2(1) & (6)]

DATA PROTECTION PRINCIPLES (cont.)

4. Principle 4-security of personal data

All practicable steps shall be taken to ensure that personal data (including data in a form in which access to or processing of the data is not practicable) held by a data user are protected against unauthorized or accidental access, processing, erasure or other use having particular regard to-

(a)

the kind of data and the harm that could result if any of those things should occur;

(b)

the physical location where the data are stored;

(c) any security measures incorporated (whether by automated means or otherwise) into any equipment in which the data are stored;
(d) any measures taken for ensuring the integrity, prudence and competence of persons having access to the data, and
(e) any measures taken for ensuring the secure transmission of the data.

5. Principle 5-information to be generally available

All practicable steps shall be taken to ensure that a person can-

(a)

ascertain a data user's policies and practices in relation to personal data;

(b)

be informed of the kind of personal data held by a data user;

(c)

be informed of the main purposes for which personal data held by a data user are or are to be used.

6. Principle 6-access to personal data

A data subject shall be entitled to

(a)

ascertain whether a data user holds personal data of which he is the data subject;

(b)

request access to personal data-

  1. within a reasonable time;
  2. at a fee, if any, that is not excessive;
  3. in a reasonable manner and
  4. in a form that is intelligible
(c) be given reasons if a request referred to in paragraph (b) is refused;
(d) object to a refusal referred to in paragraph (c);
(e) request the correction of personal data;
(f) be given reasons if a request referred to in paragraph (e) is refused, and
(g) object to a refusal referred to in paragraph (f).

Back to top

Previous PageTable of ContentsNext Page

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer