Whether a telecom services provider should disclose the identity of the sender of a disparaging fax.
Q: We are a telecom services provider. A client ("the alleged victim") informed us that a number of unidentified faxes were sent to his company. The faxes were allegedly directed at discrediting him. Through cross-checking with our customer list, we identified that one of the senders' fax numbers was registered with us. Subsequently, a solicitors' firm acting for the alleged victim requested us to disclose to them the personal data of the sender. The solicitors’ firm sought to rely the exemption of section 58(1)(d) of the Personal Data (Privacy) Ordinance ("the Ordinance") on the ground that the sending of disparaging faxes amounted to "seriously improper conduct" under that provision. The question is whether we should accede to the request of the solicitors' firm.
A: Having perused the subject faxes in question, we notice that those faxes contained complaints against the victim. However, it is not clear to us on what basis the victim alleged that the sending of the relevant faxes, being complaint letters, amounted to "seriously improper conduct". We are therefore not in a position to comment on your question. In any event, even if exemption from data protection principle 3 in Schedule 1 to the Ordinance is available by relying on the ground of "serious improper conduct" as contained in section 58(1)(d) of the Ordinance, this will only imply that your release of the personal data of the sender will not contravene the Ordinance. This does not, however, mean that you are obliged to provide the data.