Information Centre

A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of personal data privacy cases when he was Postmaster General from 2003 to 2006

 


Date: 13 August 2010
A Personal Statement by Mr. Allan CHIANG in response to media reports
on his handling of personal data privacy cases when he was
Postmaster General from 2003 to 2006

I find it necessary to make clarifications in response to the media reports on the handling of personal data privacy cases by Hongkong Post when I was the Postmaster General from 2003 to 2006.  The following are the media enquiries and my responses:

Case 1: Installation of pinhole cameras by Cheung Sha Wan Post Office


Enquiry: It was said that when the incident was reported by the media on 18 June 2005, the Hongkong Post only promised to discuss with the Police as soon as possible to see if the cameras would be dismantled, that means Mr. Chiang’s statement that “he decided to immediately dismantle” the cameras once he knew the incident could not be established.  What is the explanation of Mr. Chiang?

Response: The incident happened 5 years ago and was an isolated case involving one post office.  The arrangement was decided at the district level.  I personally knew of the incident on 18 June 2005 (Sat).  Before that, I had no knowledge of the arrangement and I had not approved the installation of the pinhole cameras.

The pinhole camera system was disabled on (or before) 23 June 2005(Thurs).

[Remark: The Office of the Privacy Commissioner for Personal Data (“PCPD”) confirmed the commencement of a formal investigation into the case on 23 June 2005.]


Enquiry: Mr. Chiang said that the installation of pinhole cameras at Cheung Sha Wan Post Office was an isolated case, but it was said that the Hongkong Post at that time planned to install similar facilities at all the post offices in Hong Kong.  What is Mr. Chiang’s explanation to this?

Response: Pinhole cameras were installed at Cheung Sha Wan Post Office in 2005 to identify the culprit of a series of theft cases which took place in that post office.  This situation was rare and unusual.

Hongkong Post should be able to confirm that it had never planned to install pinhole cameras at all the post offices in Hong Kong.


Enquiry: Is it true that Mr. Chiang had taken a “firm stand” on the “pinhole camera incident” in 2005 by stating that he could not rule out the possibility of using pinhole cameras for employee monitoring?

Response: The Personal Data (Privacy) Ordinance does not totally prohibit covert surveillance of employees’ activities.  However, employers should take the following factors into consideration:

  • there is reasonable suspicion to believe that an unlawful activity is about to be committed, is being committed or has been committed;
  • the need to resort to convert monitoring to detect or to collect evidence of that unlawful activity is absolutely necessary given the circumstances;
  • the use of overt monitoring would likely prejudice the detection or the successful gathering of evidence of that unlawful activity;
  • covert monitoring can be limited in scope so that it targets only those areas in which an unlawful activity is likely to take place and it is undertaken on a limited duration basis only.
Employers should ensure that cameras only target locations where the abusive acts would most likely take place and the use and retention of video records are properly managed.

For details, please refer to the “Privacy Guidelines: Monitoring and Personal Data Privacy at Work” issued by the PCPD.

I briefed all the staff of Hongkong Post on 30 June 2005 through an audio broadcast.  Part of the content of that broadcast is reproduced below:

“…The installation of pinhole cameras is our [i.e. postal operations] decision after discussions with the Police.  There is only one purpose: to detect the criminals by cooperating with the Police in its investigation work.  When we (i.e. postal operations) installed and used the pinhole cameras, we had complied with the guidelines issued by the Privacy Commissioner for Personal Data, e.g. the cameras were installed at specific locations in the workplace, not in toilets, changing rooms or storerooms.  Moreover, the pinhole cameras were only used for instant monitoring, and the video recordings would only be viewed when theft cases happened again….

Our colleagues may ask if our department will install pinhole cameras again. I can only say that I wish I don’t need to consider this at all in future.  Pinhole cameras were installed in Cheung Sha Wan Post Office only because of very rare and unusual circumstances.  This was an isolated arrangement.  However, if similar incidents happen again, I really can’t rule out the possibility of considering the use of covert surveillance system to meet the needs of the special circumstances.  We have to assist the investigation work of the enforcement agencies, to safeguard public interests and to protect the mail and government properties.  But I promise the department will surely first consider other feasible and effective detection methods.  I will also personally find out whether it is necessary to use covert surveillance system before giving any approval, and will ensure that the application and management of such systems will strictly protect staff’s privacy.  The Office of the Privacy Commissioner has shown concern about the case of Cheung Sha Wan Post Office and will follow up the case.  If they give us recommendations after evaluation, we will be pleased to comply to ensure the best balance between our public responsibility for mail security and the protection of our staff’s privacy.”

For details, please refer to the Hongkong Post publication: “Hongkong Post: Heart for Excellence”, pages 184 to 185.

The explanation was made without the benefit of the findings and recommendations of PCPD’s subsequent investigation.

[Remarks: The PCPD published an investigation report on 8 December 2005 concluding that although the Hongkong Post had a legitimate purpose to safeguard its customers’ property from theft, the installation did not fully comply with the Data Protection Principles, including (1) the scale and dimension of the employees monitoring activity were excessive; (2) the Hongkong Post had no evidence to show that it had considered other less privacy intrusive alternatives; (3) the Hongkong Post did not have a privacy policy in relation to the use of video recordings for employees monitoring activities.  For details, please refer to Complaint/Enquiry Case Notes (Ref. 2005006), or Investigation Report (No. R05-7230) at the PCPD’s website.

Following the Privacy Commissioner’s recommendations, the Hongkong Post had since improved its systems for management of personal data and tighten up measures to protect the privacy of personal data.]

In brief terms, I also explained in the press conference of 4 August 2010 as follows: “Despite the legitimate purpose to protect customers’ property from theft, and efforts were made to manage the personal data collected, the arrangement had not complied fully with the requirements of the Personal Data (Privacy) Ordinance.”  This explanation is consistent with my explanation in 2005 when I was the Postmaster General.


Case 2: In 2005, the Hongkong Post had passed the personal data of some job applicants to recruitment contractor without their prior knowledge.


Enquiry: What is Mr. Chiang’s explanation?

Response: The Hongkong Post had replied to the media that the allegation was unfounded.  It had not passed personal data of job applicants to any company.


Case 3: In 2003, a district manager of the Hongkong Post faxed the medical records and sick leave records of ten odd staff members to different post offices in the district, disclosing the records of some staff to supervisors who had no direct work relationship with those staff.


Enquiry: The then Privacy Commissioner pointed out that the act had contravened Data Protection Principle 3 of the Personal Data (Privacy) Ordinance.  Mr. Chiang, please confirm if you knew of the case.

Response: I have left the Hongkong Post for many years.  As the incident happened 7 years ago, I really cannot master the details of the case enough to give the media a full explanation.

However, given the information revealed by the media, I reckon that the contravention of Data Protection Principle was due to the carelessness of the Post Office staff concerned.  The investigation officer must have informed me of the case and the Post Office management should have complied with the Enforcement Notice issued by the then Privacy Commissioner for Personal Data and implemented improvement measures to prevent a recurrence of similar irregularities.


Conclusion


Enquiry: Someone queried Mr. Chiang’s appointment as the Privacy Commissioner by using the metaphor: “how come a person who has committed indecent assault could be found suitable to combat offences of indecent assaults?”

Response: This is tantamount to an apple-to-orange comparison which I do not think is appropriate. I accept that as the then Postmaster General, I was accountable for Case 1 and Case 3.  However, on personal level, I must emphasize there was no issue of my ignorance of personal data privacy rights.

I personally have not intruded any personal data privacy rights.  The cases in question only reflect that the awareness of protecting personal data privacy of individual staff of Hongkong Post at that time was not high enough.  

They also underline the importance of promoting the awareness and understanding of the Ordinance by the PCPD.  I pledge that in the pursuit to fulfill the mission of protecting personal data privacy, I will make extra efforts in the education and promotion work, and work with all stakeholders to build a society which respects personal data privacy.


END

Back to top

[Back][Archive]

End of Page

[Media Statement] [Speeches, Articles & Papers] [Exhibition Materials] [Other Related Websites] [Archive] [Other Resources] [On-line Self Training] [Submissions to Public Consultation] [Privacy Commissioner's response following former Deputy Commissioner's conviction] [Response to the loss of medical data by Department of Health] [Privacy Commissioner commits himself to securing patients' data] [Privacy Commissioner commences inspection against Hospital Authority] [Response to data leakage by Immigration Department] [Response to data loss by HSBC] [Privacy is Your Business International Privacy Video Competition] [Privacy Commissioner strives to promote protection of personal data privacy] [Response following former Deputy Commissioner's conviction] [The Privacy Commissioner's clarification on criminalizing data leakage] [The Privacy Commissioner responds to media report today that] [Response to data leakage by the Police] [Progress of Inspection Against Hospital Authority] [The Director of Immigration Department signed formal undertaking] [Speech by Privacy Commissioner at the special meeting of Legislative Council Panel on Home Affairs] [Response to data loss incidents by The Hongkong and Shanghai Banking Corporation Limited] [The Privacy Commissioner completes the Inspection of the Hospital Authority's Personal Data System] [Privacy Commissioner Publishes Inspection Report on Hospital Authority] [Privacy Commissioner explains recommendations on the protection of patients' data privacy] [Privacy Commissioner accepts an Undertaking by HSBC] [Privacy is Your Business International Privacy Video Competition Prize Presentation Ceremony] [Response to Judgment of judicial review application by Cathay Pacific] [Privacy Commissioner welcomes HA's effort to enhance patient data privacy] [Statement by the Privacy Commissioner Following the Judgment made in HCAL 50/2008] [PCPD received a letter from CX Flight Attendants Union] [Impact of Technology on Data Privacy] [Privacy Commissioner responds to taxi industry's proposal of installing CCTVs in taxis] [United Christian Hospital's loss of patients' data] [Privacy Commissioner hosts the 31st APPA Forum] [Privacy Commissioner urges job seekers to be careful when providing personal data] [Launch of a booklet on protection of personal data] [Investigation Report: Employer Collecting Employees' Fingerprint Data for Attendance Purpose] [The Recruitment of Deputy Privacy Commissioner (DPC)] [Response to Media Report on the Use of Fingerprint Recognition System by a School] [Privacy Commissioner Responds to Public Enquiries about the Issue of] [Investigation Report: Tutorial Centre Using a Student's Results Notice for Promotion without the Student's Consent] [Privacy Commissioner Welcomes Hospital Authority's New Measures on the Protection of Patients' Personal Data] [Investigation Report: Food Company Collecting Participants' Personal Data in Lucky Draw Activity] [Privacy Commissioner Responds to] [The need to ensure that individuals are identified by the correct personal identifiers: the case of identification of new born babies] [Public Consultation on Ordinance Review] [] [Response to Media Report on Searching for Others' Personal Data on the Internet] [Privacy Commissioner attended the 31st International Conference of Data Protection and Privacy Commissioners] [Response to Media Enquiries] [The "Value-for-money" Audit Report on PCPD issued by the Director of AuditThe] [Protective measures taken by the Hospital Authority which enhance the protection of new born babies and the accuracy of their personal data] [The Privacy Commissioner issued two investigation reports on data access request fee charged by data users and the proper handling of personal data transferred by data users to their debt collection agency] [A personal statement by Roderick Woo, the Privacy Commissioner] [Office of the Privacy Commissioner for Personal Data's Annual Report won international awards for three consecutive years] [Privacy Commissioner Launches Privacy Awareness Week 2010] [Response to recent discussion about third parties' requests for patients data] [Opinion Survey: Senior Citizens' Attitudes and Perceptions towards Personal Data Privacy] [Public Seminar on] [Privacy Campaign for Insurers] [Google collected Wi-Fi data] [Google collected Wi-Fi data in Hong Kong] [Google collected Wi-Fi data in Hong Kong] [Privacy Commissioner attended the 33rd Asia Pacific Privacy Authorities Forum] [Privacy Commissioner responds to a local magazine's editorial on privacy issues] [Privacy Commissioner Publishes Guidance Note on Data Breach Handling and the Giving of Breach Notifications] [Privacy Commissioner responds to an opinion survey report on Octopus cards and privacy issues] [Privacy Commissioner's Finding against HSBC was set aside by the Administrative Appeals Board] [The Personal Data (Privacy) Ordinance and Octopus Card System] [Privacy Commissioner initiates investigation on the Octopus] [Privacy Commissioner Publishes Information Leaflet on Privacy Impact Assessment] [Privacy Commissioner published new revised edition of a book to provide in-depth interpretation] [The Privacy Commissioner gives interim report on the investigation of Octopus] [The Privacy Commissioner Completed the Compliance Check on Google's Collection of Wi-Fi Payload Data] [The Privacy Commissioner has completed a Privacy Compliance Assessment Report on the Smart Identity Card System] [Collection of Visitors' Fingerprint Data by a Theme Park] [Investigation Report: Beauty Centre Transferring a Client's Personal Data to a Third Party without the Client's Consent] [Hong Kong Letter - Roderick Woo, Privacy Commissioner for Personal Data] [Mr. Allan Chiang took office as Privacy Commissioner] [A short video introducing the Personal Data (Privacy) Ordinance] [Privacy Commissioner reminds data users of the requirements of the Ordinance when engaging direct marketing activities] [PCPD joined APEC Cross-border Privacy Enforcement Arrangement] [Privacy Commissioner discussed organizations’ collection and use of personal data for direct marketing with a political commentary group] [Amended Data Access Request Form takes effect] [Response to media reports on the attendance records of the Personal Data (Privacy) Advisory Committee] [Privacy Commissioner completed investigation on Octopus Holdings Ltd] [Multi-media Information] [Investigation Report – Octopus Rewards Program] [Privacy Commissioner publishes Guidance on the Collection and Use of Personal Data in Direct Marketing] [Privacy Commissioner responds to Government's proposals on Review of the Personal Data (Privacy) Ordinance] [PCPD's Statement regarding investigations into the Octopus Group of Companies] [Hong Kong Letter - Allan Chiang, Privacy Commissioner for Personal Data] [Investigation Report: A Telecommunications Company Authorized Another Company to Conduct Telemarketing] [A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of a personal data privacy case when he was Postmaster General in 2005] [A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of personal data privacy cases when he was Postmaster General from 2003 to 2006] [Online Survey of the] [PCPD's Submission in response to Report on Public Consultation on Review of the Personal Data (Privacy) Ordinance] [The Sharing of Mortgage Data for Credit Assessment] [Public Forum on Proposed Revisions to the Code of Practice on Consumer Credit Data] [Privacy concerns about resumption of Google Street View car operation] [Public Consultation on the Sharing of Mortgage Data for Credit Assessment Ended] [Consumer Roadshow on Protection of Personal Data] [Consultation Report on the Sharing of Mortgage Data for Credit Assessment] [Amendments to Code of Practice on Consumer Credit Data To Take Effect]

[About PCPD] [The Ordinance] [PCPD Activities] [Information Centre] [Personal Data Privacy Liberal Studies] [Privacy Zone for Youngsters]
[Publications & Videos] [Enquiries & Complaints] [Case Notes] [Contact Us] [Search] [Site Directory] [Graphical Version]
[Chinese Version]

Notice/Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer