PCPD - Internet Surfing with Privacy in mind - A Guide for Individual Net Users Internet Surfing with

Investigation Report / Inspection Report

Publications and Videos
Leaflet & Form

Internet Surfing with Privacy in mind - A Guide for Individual Net Users

Step 3 - Taking precautions while surfing the Internet

Checklist	Suggestions

Are you asked to provide your personal data on-line?	=>If yes, do the following before you press the "Submit" button to provide your personal data via an on-line form or send an e-mail containing your personal data:
Do you know the identity of the site requesting your personal data?	=>Look for identity details of the site. It is possible that a site appears to be at an electronic address that does not belong to it. Visit the "About the Organisation" page and check its identity details such as the name, physical location, and contact telephone/fax number. =>Look for the site's privacy policy notice. It is also safer to know what the site's policy is in handling personal data before you provide them with your own. The Ordinance requires that organisations in Hong Kong should be open about their policy and practices in handling personal data.

Are you told the purposes for which your personal data are to be used?	=>Search for an on-line notification of a Personal Information Collection (PIC) statement.

	Search for an on-line notification of a Personal Information Collection (PIC) statement.
	The PIC statement is a means by which the site should inform you how your data are to be used, to what other parties they may transfer your data, your rights to request a copy of your personal data and correct any errors, and who should be contacted for such requests. Under the Ordinance, organisations in Hong Kong should provide this information on or before the time they collect your data from you.

Are you asked to provide personal data not relevant to the purpose of collection?	=>Avoid providing excessive data that are irrelevant for the purpose. Check the on-line form which asks for your personal data and make a distinction between data that are mandatory and data that are optional. Beware of giving full personal details for recruitment on-line, lucky draw forms, dating or pen pal services, gambling web sites, on-line credit card and other service applications that ask for more information than is needed. Take care too, when registering to enter a site where apparently irrelevant personal information is requested. Consider giving your office instead of a home address or adding a statement in the address box, saying that the details given should be used for the stated purpose only.

Are the data you provide of a sensitive nature, such as your credit card number or your ID card number?	=>Assume your communication is not private. Security is weak on the Internet unless you take precautions. Consider sending data of a sensitive nature only when you are sure that a secure means of transmission is used. Your browser can be set to say when you are about to enter or leave a secure communications zone. (see previous section on "Configure your system before connecting to the Internet"). =>If possible, avoid on-line payment using your credit card number. Consider the use of traditional payment methods of using cash or cheque. The fewer times you use your credit card number for on-line payment, the less chance your credit card number or your purchasing habits will be detected by others. Another approach is to use a commercially available intermediary who will make payment from your credit card account, on your authorisation, but without the need for your card number to travel on the Internet. You can find out more about such services by searching the Internet using keywords "INTERNET CREDIT CARD PAYMENT". =>Do not give out your ID card number easily.

	Do not give out sensitive information via the Internet easily.
	Organisations may ask for your ID card number when you deal with them via the Internet, for example, when you register with it for access to a service. However, not all of them have a justified or lawful purpose for doing so.

Do your Internet e-mails sometimes contain sensitive personal data of yourself or others?	=>Consider using privacy protective tools to encrypt your e-mails.

	Consider using encryption to protect sensitive personal data.
	Every plain (unencrypted) e-mail you send can easily be intercepted and read. Encryption programs encode messages or files, making them difficult to be read by anyone including interceptors other than the intended recipient who has the decryption software. If necessary, protect the integrity of your e-mails by using some form of authentication mechanism. You can find out more about encryption by searching the Internet using keywords "INTERNET ENCRYPTION". =>Consider using privacy protective means to remain anonymous. It is possible to send e-mails, and receive replies, anonymously on the Internet using an anonymous re-mailer. Anonymous re-mailers are intermediaries who shield the true e-mail addresses from being revealed with substitutes when correspondents exchange e-mails. This is an important aid to privacy, if you trust the anonymous re-mailer who makes this possible. If you are serious about complete anonymity, you can consider using multiple re-mailers services. You can find out more about these techniques by searching the Internet using keywords "INTERNET ANONYMITY".

Do you give out personal details at search sites, newsgroups or chat areas?	=>Think carefully before revealing details about yourself. If you use one of the popular search facilities and you register your name with them as well, then consider this: Every time you make a search, your inquiry can be added to the list of topics that interest you. Your name, contact details, and that growing special interest list may become a detailed profile of you. =>Respect others' privacy before revealing their personal data. Newsgroups or chat areas are services that allow simultaneous conversation between many users using the Internet. It is important to remember that, when you take part in these types of open discussion, data you provide about yourself or others are open to the rest of the participants and can be accessible over a long period of time. They are also Internet sites which provide a service whereby the messages you post in newsgroups can be searched and listed. Under the Ordinance, you have an obligation not to reveal the personal data of another individual to a third party (via newsgroups or chat areas) unless those data were collected for the purpose for which this is done or that individual has given express permission voluntarily for you to do so.

Do you let your children surf on the Internet?	=>Teach and guide your children when they use the Internet. Children face special privacy risks on the Internet. Cartoon characters on a web site may seem, to your child, to respond directly to them. The characters may ask questions with enticing rewards and your child may give away personal and family details in response. The result may just be direct mails or advertising e-mails, but the abuses may be worse. A suggested rule for you to give your children is that no details should be given without your permission. Also, make sure they learn about privacy issues and supervise them in their first few on-line sessions on the Internet.

Are you annoyed about direct marketing mails addressed to you?	=>Request marketers to stop sending you marketing mails. Under the Ordinance, an organisation in Hong Kong that makes a direct market approach to you has an obligation to offer you an opt-out opportunity not to receive further marketing approaches. This gives you the right to request the marketer to stop annoying you. =>Take precautions to avoid receiving unsolicited advertising e-mails.

	You have the right to require marketers to stop sending you marketing mails.
	To reduce the chances of making yourself a marketing target, you should avoid registering with free e-mail services and 'white pages' or e-mail directory services. If you use a signature file in your e-mail correspondence, be careful not to provide unnecessary details about yourself in the signature file which may expose you as a marketing target.