Personal Data (Privacy) Ordinance
A Guide For Data Users. No. 2
Compliance With Data Access And Correction Requests
SECTION 3
Non-Compliance with Data Access Request
Data User Shall Refuse
3.1 A data user shall refuse to comply with a data
access request under any of the circumstances set out in paragraphs
3.2 and 3.3 below.
3.2 A data user shall refuse to comply with a data access
request from a data subject if he is not provided with sufficient
information to identify the data subject. In the case
of a data access request submitted by a person on behalf of
the data subject (a relevant person), he shall refuse the
request if he is not provided with sufficient information
to identify the data subject, or the person seeking the data,
or to be satisfied that the person seeking the data is properly
authorised to do so.
[section 20(1)(a) of the Ordinance.]
3.3 If the personal data sought under the data access request
comprises personal data of another individual, and
the data user cannot comply with the request without disclosing
the personal data of that other individual, he shall refuse
to comply with a data access request. This prohibition does
not apply where the data user is satisfied that the
other individual has consented to the disclosure of
the data to the data subject submitting the request. This
prohibition also does not apply to the extent that a data
user can comply with a data access request without disclosing
the identity of that other individual, for example by
omitting names or other identifying particulars.
[section 20(1)(b) & 20(2) of the Ordinance.]
Data User May Refuse
3.4 A data user may refuse to comply with a data access request if:
- the request is not in writing in Chinese or English;
- he is not provided with sufficient information to locate
the personal data that are being requested;
- the request follows two or more similar requests
made by the data subject or a relevant person on his or
her behalf and it is unreasonable for the data user to comply;
- another data user controls the use of the personal data
concerned in such a way that prohibits the data user receiving
the data access request from complying with the request;
- the data access request is not made in a form which has
been specified under section 67 of the Ordinance if
such a form has been specified; or
- there is an applicable exemption from subject access provided
for in Part VIII of the Ordinance.
[section 20(3) of the Ordinance.]
