PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters (Games)
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Annual ReportCode of Practice & Explanatory BookletConsultation Document/Report
NewsletterGuidance Note & Fact SheetLeaflet & FormOpinion Survey
OthersInvestigation Report / Inspection ReportInformation Book
image

Publications and Videos
Annual Report
 
Complaint Investigations

Complaints Received 2007-2008

1
Annual Complaint Caseload
Annual Complaint Caseload
A total of 834 complaint cases were received in 2007-2008 (a decrease of 22% on the previous year).
 
2
Types of Party Complained Against
Types of Party Complained Against
  • 620 (74%) complaint cases were against private sector organizations.
  • 115 (14%) complaint cases were against public sector organizations (i.e. government departments and other public bodies).
  • 99 (12%) complaint cases were against individuals.
 
3
Complaints Against Private Sector Organizations
Annual Complaint Caseload
The major i ty of complaint s agains t the telecommunications and financial sectors alleged the unlawful use or disclosure of customers' personal data.
 
4
Complaints Against Public Sector Organizations
Complaints Against Public Sector Organizations

The majority of complaints against public sector organizations involved:

  • the alleged use of personal data beyond the scope of collection purpose and without the consent of the individual (46%);
  • non-compliance with data access or correction requests (22%);
  • excessive or unfair collection of personal data (17%);
  • and lack of security measures to protect personal data (11%).
¢´
Nature of Complaints
Nature of Complaints

The 834 complaint cases received in 2007-2008 involved a total of 1344 alleged breaches of the requirements of the Ordinance. Of these, 1169 (87%) were alleged breaches of the data protection principles and 175 (13%) were alleged contraventions of the provisions in the main body of the Ordinance.

Of the 1169 alleged breaches of the data protection principles, 242 (21%) concerned the alleged excessive or unfair collection of personal data of complainants. In this categor y, 45 cases (19%) involved allegations, some are against financial institutions or telecommunications companies, for collection of complainants' personal data from unknown sources for the recovery of debts or direct marketing purposes.

There is a misunderstanding among some complainants regarding the ambit of the Ordinance when applies to collection of personal data. A common example is that some complainants believe that their personal data can only be collected from them direct or after prior consent having been obtained from them or that they must be notified of it. The Ordinance provides that personal data shall be collected by means which are lawful and fair in the circumstances of the case. However, the Ordinance does not require a data user to obtain the consent of the data subject for collection from third party of his personal data or to notify him of the collection. In an administrative appeal case, the Administrative Appeals Board ruled that the mere evidence of the holding of personal data by a person could not prove that he had obtained the data by unfair or unlawful means. Accordingly, the collection of personal data from sources other than the data subject without his knowledge or consent, without more, does not suggest a contravention of the Ordinance.
 

Previous PageTable of ContentsNext Page

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer