Personal Data (Privacy) Ordinance
A Guide For Data Users No. 3
Outline Action Plan For Complying with the Data Protection Principles
ACTION 1 - Collect Personal Data Fairly
Data Protection Principle 1 - purpose and manner of collection of personal data
Step 5: Review purposes of collection
- Review each purpose identified in Step 2 to ensure that
it is lawful. See Step 4 above for guidance on what is meant
by lawful.
- Review whether each purpose identified in Step 2 is directly
related to your functions or activities identified in Step 3.
If any of your purposes do not meet this test, cease
to collect personal data for the purpose concerned.
- Review whether the personal data you are collecting are
really needed for the purposes identified in Step 2. The
personal data you collect should be adequate for such purposes,
but not excessive. If you are collecting personal data that
fail this test, take action to ensure that you cease to
collect the data concerned. For example, a form used for
collecting personal data from an individual for certain
purposes may also collect data about his or her relatives
that are neither necessary nor relevant to those purposes.
In such a case, the parts of the form that ask for the unnecessary
personal data should be removed. If the personal data sought
by those parts of a form are necessary in relation to some
classes of individual, but not others, care should be taken
to structure the form so that only the former are asked
to complete the part concerned.
Step 6: Identify classes of transferees
Identify any classes of persons to whom personal data collected
by each means of collection identified in Step 1 may be
transferred. For example, a company may regularly pass on
personal data collected by a particular form to subsidiary
companies within the same group.
Step 7: Inform individuals of purposes of collection, etc.
For each means of collection identified in Step 1, where the
personal data are collected from the subject of the data
(data subject), draw up and implement arrangements to ensure
the data subject is informed:
- explicitly or implicitly, of whether it is obligatory
to supply the data being collected, such as where there
is a legal obligation to do so, and, if so, the consequence
if the data subject does not do so; and
- explicitly, of:
  - the purposes of collection identified in Step 2
    (which may be expressed in general or specific terms);
  - the classes of person to whom the data may
    be transferred identified in Step 6;
  - the rights of the data subject to request
    access to and correction of the personal data; and
  - the name and address of the individual in your
    organisation to whom personal data access and correction
    requests may be made.
Possible arrangements for informing data subjects of these
matters include printing them with reasonable prominence on
the relevant form as a personal information collection statement,
inviting the data subject to read a printed notice that sets
them out or orally informing the data subject of them.


