PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters (Games)
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Annual ReportCode of Practice & Explanatory BookletConsultation Document/Report
NewsletterGuidance Note & Fact SheetLeaflet & FormOpinion Survey
OthersInvestigation Report / Inspection ReportInformation Book
image

Publications and Videos
Leaflet & Form
 

Fact Sheet No. 3, November 1997

Personal Data Privacy : Guidelines on Cold-Calling

image

INTRODUCTION

Cold-calling is the practice of making a marketing approach by telephone to a potential customer with whom the caller has had no previous dealings. Individuals have a particular sensitivity about receiving such calls because they involve interacting with a party who is unknown to them other than by their own choice. Accordingly, cold-calls should always be made with care and sensitivity.

This fact sheet provides guidance on compliance with the requirements of section 34 of the Personal Data (Privacy) Ordinance ("the Ordinance"), in relation to cold-calling. Section 34 of the Ordinance, which is set out at the end of this fact sheet, requires the following:

  • A data user 1 on the first occasion that it uses an individual's personal data for direct marketing should inform the individual that he or she may request a data user to cease to use his or her personal data for direct marketing purposes;
  • If the individual makes such a request, the data user should cease to so use the data concerned.

Failure to comply with these requirements without reasonable excuse is an offence and renders the offender liable on conviction to a fine.

ACTION BY THE DATA USER

  • The data user should maintain a list of all individuals who have informed it that they do not wish to receive further direct marketing approaches from that company (the "opt-out list").
  • The opt-out list should be distributed to all staff members of the company who undertake direct marketing activities ("marketing staff members"). Distribution should be by the most immediate means available, e.g. by computer network.
  • The list should be updated regularly. Where the list is distributed on the company computer network, this should be done by the individual marketing staff members adding new opt-outs to the list as and when they are received. If the list is distributed other than by computer network, the updates should be notified to marketing staff members on a regular basis at no more than weekly intervals.
  • Where the data user conducts its business through branch offices, each branch office may maintain its own opt-out list of individuals who have informed the office that they do not wish to receive further direct marketing approaches from the company concerned. However, this should only be done as a substitute for the company-wide opt-out list if :
    • there is a clear division in the category of customers served by each branch office (based on geographical location or otherwise) without any overlapping;
    • the staff of one branch office are strictly prohibited from making direct marketing approaches to the category of customers served by another branch office; and
    • any opt-out notified by an individual to the head office of the company is forwarded promptly to the relevant branch office for inclusion in its opt-out list.
  • The data user should have precise procedures for staff to follow on accessing and updating the opt-out list and complying with the opt-out requirements of section 34 of the Ordinance.
  • Compliance by staff should be monitored by sample checking of the call logs of individual marketing staff members.
  • A staff member who fails to comply with these guidelines or the procedures of the data user in relation to the opt-out list should be subject to sanctions.
  • Data users should also provide training to marketing staff on direct marketing by telephone to minimise the intrusiveness of this marketing technique, including the matters covered in these guidelines.

ACTION BY MARKETING STAFF MEMBERS WHEN MAKING A COLD-CALL

Pre-call

  • Check that the number to be called does not appear on the opt-out list.

During the call

  • Identify the data user you represent and yourself by name.
  • Give an opt-out message along the following lines:
    • "If you do not wish to have further marketing calls from us, please tell me and we will not call again."

Post-call

  • Log the call, including the name of the person and the telephone number called.
  • If the called party has indicated that he or she does not wish to receive further calls from you, follow the procedure laid down for updating the opt-out list of the data user you represent.

1 In the Personal Data (Privacy) Ordinance the term data user, in relation to personal data, means a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of the data. In practice, a data user could be a company, Government department or other public body, charitable organisation or political party.

PERSONAL DATA (PRIVACY) ORDINANCE, SECTION 34


  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer