PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters (Games)
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Annual ReportCode of Practice & Explanatory BookletConsultation Document/Report
NewsletterGuidance Note & Fact SheetLeaflet & FormOpinion Survey
OthersInvestigation Report / Inspection ReportInformation Book
image

Publications and Videos
Leaflet & Form
 

PERSONAL DATA (PRIVACY) ORDINANCE
A GUIDE FOR DATA USERS - NO.1

The Privacy Commissioner for Personal Data

The Ordinance establishes an independent statutory office to enforce and promote compliance with provisions of the Ordinance. It is headed by the Privacy Commissioner for Personal Data appointed by the Chief Executive. His duties and powers include:

  • promoting the awareness and understanding of the Ordinance's requirements;

  • approving and issuing codes of practice giving practical guidance on compliance with the Ordinance;

  • approving requests from data users on automated matching of personal data;

  • specifying classes of data users required to submit annual returns and compiling a register of data users for public inspection;

  • inspection of personal data systems and making recommendations for compliance with provisions of the Ordinance; and

  • investigation of suspected breaches of the Ordinance's requirements and issuing enforcement notices to data users requiring compliance with the Ordinance.

Data Protection Principles

Schedule 1 sets out six data protection principles in line with international practice. They are :

Principle 1 - Purpose and manner of collection - this requires lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from that subject.

Principle 2 - Accuracy and duration of retention - this provides that personal data should be accurate, up-to-date and kept no longer than necessary.

Principle 3 - Use of personal data - this provides that unless the data subject gives consent otherwise personal data should only be used for the purposes for which they were collected or a directly related purpose.

Principle 4 - Security of personal data - this requires appropriate security measures to be applied to personal data (including data in a form for which access or processing is not practicable).

Principle 5 - Information to be generally available - this provides for openness by data users about their policies and practices in relation to personal data, the kinds of personal data they hold and the main purposes for which personal data are used.

Principle 6 - Access to personal data - this provides for data subjects to have rights of access to and correction of their personal data. Detailed guidance on the data access and correction requirements of the Ordinance is given in Data User Guide No. 2. An outline action plan for complying with the data protection principles is given in Data User Guide No.3.

Previous PageimageNext Page

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer