Information Centre

Investigation Report: A Telecommunications Company Authorized Another Company to Conduct Telemarketing

 


Date: 17 November 2010
Investigation Report: A Telecommunications Company Authorized Another Company to Conduct Telemarketing

1.    The Privacy Commissioner for Personal Data (“the Commissioner”) Mr. Allan Chiang published today (17 November) an investigation report (“the Report”).  The case concerned a telemarketing company (“the Telemarketing Company”) which, under the authorization of a telecommunications company (“the Telecommunications Company”), made a telemarketing call to a customer who had earlier made an opt-out request.

The Complaint

2.    The Complainant was a subscriber of the mobile phone network service of the Telecommunications Company.  In 2001, the Complainant informed the Telecommunications Company that he did not want to receive any further direct marketing calls, and the Telecommunications Company confirmed to him that it would cease making such call to him.

3.    Later on the Complainant received a telemarketing call from the Telemarketing Company representing the Telecommunications Company. Being dissatisfied with the Telecommunications Company’s non-compliance with his previous opt-out request, the Complainant lodged a complaint with the Office of the Privacy Commissioner for Personal Data (“the PCPD”) against the Telecommunications Company.

Provisions of the Ordinance

4.    Section 34(1)(ii) of the Personal Data (Privacy) Ordinance (“the Ordinance”) stipulates that if a data user has obtained personal data from any source and uses the data for direct marketing purposes, the data subject may request the data user to cease to so use those data.  In such case, the data user shall cease to so use those data without charge to the data subject.

Information Collected during the Investigation

5.    According to the agreement between the Telecommunications Company and the Telemarketing Company, the Telemarketing Company would make calls to the mobile phone users in Hong Kong based on random selection to promote the mobile phone network service of the Telecommunications Company.

6.    The Telecommunications Company had given the Telemarketing Company the work procedures and guidelines of handling opt-out requests, which required the Telemarketing Company to give the call list generated by random selection to the Telecommunications Company for approval before proceeding with direct marketing.  The Telecommunications Company would then delete the phone numbers that had been already opted out from direct marketing of its services before returning the same to the Telemarketing Company for its use.  However, the Telemarketing Company had failed to pass the call list used on the incident date to the Telecommunications Company for approval in accordance with the guidelines.

The Commissioner’s Findings

7.    The Commissioner is of the view that although the number was generated by random selection by the Telemarketing Company, it was the personal data that the Complainant requested the Telecommunications Company to cease to so use in 2001.  Hence, when the Telemarketing Company made the marketing call on behalf of the Telecommunications Company on the incident date, it was contrary to the opt-out request made by the Complainant as the Complainant’s personal data which had been opted out from direct marketing were so used.  Section 65(2) of the Ordinance provides that any act done or practice engaged in by a person as agent for another person with the authority of that other person shall be treated as done or engaged in by that other person as well as by him.  While the act of the Telemarketing Company had obviously contravened the guidelines of the Telecommunications Company, the Telecommunications Company had also failed to take active measures to ensure that the Telemarketing Company would strictly follow the guidelines.  Apparently, this was insufficient to make the Telemarketing Company take serious measures to ensure compliance by its staff.  The Commissioner takes the view that the terms in the agreement requiring the Telemarketing Company to comply with the Ordinance and the guidelines of the Telecommunications Company alone were not sufficient to take the act of the Telemarketing Company outside the sphere of acts authorized by the Telecommunications Company.  Therefore, the Telecommunications Company was liable for the act of the Telemarketing Company; it had also contravened section 34(1)(ii) of the Ordinance.

The Commissioner’s Decision

8.    The Commissioner is of the opinion that the Telecommunications Company’s contravention will likely continue or be repeated.  Pursuant to section 50 of the Ordinance, he served an enforcement notice on the Telecommunications Company directing it to clearly specify in the authorization agreements signed between the Telecommunications Company and the companies engaged to conduct direct marketing that the companies are required (i) to pass the call list to the Telecommunications Company for deletion of the phone numbers of customers who have made opt-out requests before using it in direct marketing, (ii) to specify the penalty for violation of the requirement, and (iii) to conduct regular random check on the direct marketing records of the companies.

9.    The Telecommunications Company complied with the directions in the enforcement notice in the specified time.

The Commissioner’s Recommendations and Comments

10.    Mr. Chiang said, “I understand that direct marketing has its economic value, but it may intrude personal data privacy.  To balance the interests of different parties, the Ordinance regulates direct marketing activities in the spirit that direct marketing activities can be carried out effectively in the business society of Hong Kong, while personal data privacy can be protected at the same time.”

11.    Mr. Chiang urged, “Commercial organizations have to take all practicable steps to prevent their agents from making direct marketing approaches to those customers who have made opt-out requests, and should select reputable marketing companies that can effectively monitor the performance of frontline staff to ensure that the direct marketing activities comply with the requirements of the Ordinance.”

Collection of the Report

12.    For details of the case background, findings, the Commissioner’s recommendations and other comments, please refer to the Report.

13.    Copies of the Report can be obtained from the PCPD at 12/F., 248 Queen's Road East, Wan Chai, Hong Kong.  The report is also available for download from its website (http://www.pcpd.org.hk/english/publications/invest_report.html).

Please click here to access the full Report

END

Back to top

End of Page


[Media Statement] [Speeches, Articles & Papers] [Exhibition Materials] [Other Related Websites] [Archive] [Other Resources] [On-line Self Training] [Submissions to Public Consultation] [Privacy Commissioner's response following former Deputy Commissioner's conviction] [Response to the loss of medical data by Department of Health] [Privacy Commissioner commits himself to securing patients' data] [Privacy Commissioner commences inspection against Hospital Authority] [Response to data leakage by Immigration Department] [Response to data loss by HSBC] [Privacy is Your Business International Privacy Video Competition] [Privacy Commissioner strives to promote protection of personal data privacy] [Response following former Deputy Commissioner's conviction] [The Privacy Commissioner's clarification on criminalizing data leakage] [The Privacy Commissioner responds to media report today that] [Response to data leakage by the Police] [Progress of Inspection Against Hospital Authority] [The Director of Immigration Department signed formal undertaking] [Speech by Privacy Commissioner at the special meeting of Legislative Council Panel on Home Affairs] [Response to data loss incidents by The Hongkong and Shanghai Banking Corporation Limited] [The Privacy Commissioner completes the Inspection of the Hospital Authority's Personal Data System] [Privacy Commissioner Publishes Inspection Report on Hospital Authority] [Privacy Commissioner explains recommendations on the protection of patients' data privacy] [Privacy Commissioner accepts an Undertaking by HSBC] [Privacy is Your Business International Privacy Video Competition Prize Presentation Ceremony] [Response to Judgment of judicial review application by Cathay Pacific] [Privacy Commissioner welcomes HA's effort to enhance patient data privacy] [Statement by the Privacy Commissioner Following the Judgment made in HCAL 50/2008] [PCPD received a letter from CX Flight Attendants Union] [Impact of Technology on Data Privacy] [Privacy Commissioner responds to taxi industry's proposal of installing CCTVs in taxis] [United Christian Hospital's loss of patients' data] [Privacy Commissioner hosts the 31st APPA Forum] [Privacy Commissioner urges job seekers to be careful when providing personal data] [Launch of a booklet on protection of personal data] [Investigation Report: Employer Collecting Employees' Fingerprint Data for Attendance Purpose] [The Recruitment of Deputy Privacy Commissioner (DPC)] [Response to Media Report on the Use of Fingerprint Recognition System by a School] [Privacy Commissioner Responds to Public Enquiries about the Issue of] [Investigation Report: Tutorial Centre Using a Student's Results Notice for Promotion without the Student's Consent] [Privacy Commissioner Welcomes Hospital Authority's New Measures on the Protection of Patients' Personal Data] [Investigation Report: Food Company Collecting Participants' Personal Data in Lucky Draw Activity] [Privacy Commissioner Responds to] [The need to ensure that individuals are identified by the correct personal identifiers: the case of identification of new born babies] [Public Consultation on Ordinance Review] [] [Response to Media Report on Searching for Others' Personal Data on the Internet] [Privacy Commissioner attended the 31st International Conference of Data Protection and Privacy Commissioners] [Response to Media Enquiries] [The "Value-for-money" Audit Report on PCPD issued by the Director of AuditThe] [Protective measures taken by the Hospital Authority which enhance the protection of new born babies and the accuracy of their personal data] [The Privacy Commissioner issued two investigation reports on data access request fee charged by data users and the proper handling of personal data transferred by data users to their debt collection agency] [A personal statement by Roderick Woo, the Privacy Commissioner] [Office of the Privacy Commissioner for Personal Data's Annual Report won international awards for three consecutive years] [Privacy Commissioner Launches Privacy Awareness Week 2010] [Response to recent discussion about third parties' requests for patients data] [Opinion Survey: Senior Citizens' Attitudes and Perceptions towards Personal Data Privacy] [Public Seminar on] [Privacy Campaign for Insurers] [Google collected Wi-Fi data] [Google collected Wi-Fi data in Hong Kong] [Google collected Wi-Fi data in Hong Kong] [Privacy Commissioner attended the 33rd Asia Pacific Privacy Authorities Forum] [Privacy Commissioner responds to a local magazine's editorial on privacy issues] [Privacy Commissioner Publishes Guidance Note on Data Breach Handling and the Giving of Breach Notifications] [Privacy Commissioner responds to an opinion survey report on Octopus cards and privacy issues] [Privacy Commissioner's Finding against HSBC was set aside by the Administrative Appeals Board] [The Personal Data (Privacy) Ordinance and Octopus Card System] [Privacy Commissioner initiates investigation on the Octopus] [Privacy Commissioner Publishes Information Leaflet on Privacy Impact Assessment] [Privacy Commissioner published new revised edition of a book to provide in-depth interpretation] [The Privacy Commissioner gives interim report on the investigation of Octopus] [The Privacy Commissioner Completed the Compliance Check on Google's Collection of Wi-Fi Payload Data] [The Privacy Commissioner has completed a Privacy Compliance Assessment Report on the Smart Identity Card System] [Collection of Visitors' Fingerprint Data by a Theme Park] [Investigation Report: Beauty Centre Transferring a Client's Personal Data to a Third Party without the Client's Consent] [Hong Kong Letter - Roderick Woo, Privacy Commissioner for Personal Data] [Mr. Allan Chiang took office as Privacy Commissioner] [A short video introducing the Personal Data (Privacy) Ordinance] [Privacy Commissioner reminds data users of the requirements of the Ordinance when engaging direct marketing activities] [PCPD joined APEC Cross-border Privacy Enforcement Arrangement] [Privacy Commissioner discussed organizations’ collection and use of personal data for direct marketing with a political commentary group] [Amended Data Access Request Form takes effect] [Response to media reports on the attendance records of the Personal Data (Privacy) Advisory Committee] [Privacy Commissioner completed investigation on Octopus Holdings Ltd] [Multi-media Information] [Investigation Report – Octopus Rewards Program] [Privacy Commissioner publishes Guidance on the Collection and Use of Personal Data in Direct Marketing] [Privacy Commissioner responds to Government's proposals on Review of the Personal Data (Privacy) Ordinance] [PCPD's Statement regarding investigations into the Octopus Group of Companies] [Hong Kong Letter - Allan Chiang, Privacy Commissioner for Personal Data] [Investigation Report: A Telecommunications Company Authorized Another Company to Conduct Telemarketing] [A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of a personal data privacy case when he was Postmaster General in 2005] [A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of personal data privacy cases when he was Postmaster General from 2003 to 2006] [Online Survey of the] [PCPD's Submission in response to Report on Public Consultation on Review of the Personal Data (Privacy) Ordinance] [The Sharing of Mortgage Data for Credit Assessment] [Public Forum on Proposed Revisions to the Code of Practice on Consumer Credit Data] [Privacy concerns about resumption of Google Street View car operation] [Public Consultation on the Sharing of Mortgage Data for Credit Assessment Ended] [Consumer Roadshow on Protection of Personal Data] [Consultation Report on the Sharing of Mortgage Data for Credit Assessment] [Amendments to Code of Practice on Consumer Credit Data To Take Effect]


[About PCPD] [The Ordinance] [PCPD Activities] [Information Centre] [Personal Data Privacy Liberal Studies] [Privacy Zone for Youngsters]
[Publications & Videos] [Enquiries & Complaints] [Case Notes] [Contact Us] [Search] [Site Directory] [Graphical Version]
[Chinese Version]


Notice/Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer