What does the code of practice cover ?
The code of practice gives practical guidance to data users* on the application of requirements of the Personal Data (Privacy) Ordinance ("the Ordinance") to the collection, accuracy, retention, use and security of :
- the identity card ("ID card") number and copies of the ID card; and
- other identifiers that uniquely identify individuals, e.g. passport numbers, employee numbers, examination candidate numbers and patient numbers.
* A data user is defined in the Personal Data (Privacy) Ordinance as meaning, in relation to personal data, a person who either alone or jointly or in common with other persons, controls the collection, holding, processing or use of the data. In practice, a data user could be a company, a government department or other public body or an individual.
What happens if the code is not complied with ?
- Non-compliance with the code is not itself unlawful. However, it will give rise to a presumption against the party concerned in any proceedings involving an alleged breach of the Ordinance. These proceedings could be before the Administrative Appeals Board, a magistrate or a court.
- Non-compliance with the code would also weigh against the party concerned in any case under investigation by the Privacy Commissioner for Personal Data.
When does the code take effect ?
The code was approved on 19 December 1997. Its requirements will take effect in two stages:
||All requirements except the requirement specified in stage 2 below will take effect on 19 June 1998.
||The requirement that data users should not issue to any individual a card, such as a staff card, which has the ID card number printed on it (details in step 5 in the ID card number section below) will take effect on 19 December 1998.
STEP-BY-STEP GUIDE TO COMPLIANCE WITH THE CODE
ID CARD NUMBER
BASIC POSITION: No right to compel an individual to provide an ID card number unless authorised by law
Unless authorized by law, no data user may compel an individual to provide his or her ID card number. A data user may request an individual to provide his or her ID card number under the circumstances where the collection of the ID number is permitted by this code . In such a case, the code does not, and in law could not, prohibit a data user from refusing to deal with an individual who declines to provide his or her ID card number. However, before doing so, the data user should pay particular attention to step 1 below, which requires that consideration be given to offering less privacy-intrusive alternatives to the individual.
Step 1 : Consider alternatives to collecting ID card numbers
A data user that proposes to collect ID card numbers should first consider whether there are any less privacy-intrusive alternatives. If there are, the data user should give the individual the option of choosing such alternatives. Examples of such alternatives are:
- to use another personal identifier of the individual's choice e.g. a passport number;
- to accept identification of the individual by someone known to the data user, e.g. where a resident at a block of flats known to the security guard identifies a visitor;
- to accept some form of security e.g. a monetary deposit.
Step 2 : Check whether your collection of ID card numbers comes under one or other of the circumstances where this is permitted in the code
A data user is permitted to collect an ID card number only under one or other of the following general circumstances:
- Where an Ordinance gives the data user a power to require individuals to provide ID card numbers, e.g. section 5 of the Registration of Persons Ordinance (Cap. 177) gives public officers such a power.
- Where an Ordinance requires the data user to collect the ID card number, e.g. section 17K of the Immigration Ordinance (Cap. 115) requires employers to keep a record of the number of the document, which is usually an ID card, by virtue of which each employee is lawfully employable.
- Where the use of the ID card number is necessary to carry out any of the purposes mentioned in section 57(1) of the Ordinance, which are the safeguarding of security, defence or international relations in respect of Hong Kong.
- Where the use of the ID card number is necessary to carry out any of the purposes mentioned in section 58(1) of the Ordinance, which include the prevention or detection of crime, and the assessment or collection of any tax or duty.
- Where the use of the ID card number is necessary to enable the person to carry out functions related to the operation of a tribunal or court, e.g. to ensure the correct identification of individuals involved in court proceedings.
- To enable the data user to identify the individual concerned or to attribute data to him or her where any of the following is necessary:
- to advance the interests of the individual, e.g. to ensure that the correct medical record is referred to when treating a patient,
- to prevent any third party other than the data user from suffering a detriment, e.g. to ensure that someone else is not given the wrong medication because the wrong medical record is referred to,
- to enable the data user to safeguard against damage or loss that is more than trivial, e.g. drivers involved in a traffic accident may exchange ID card number in order to identify each other when pursuing a claim arising from the accident.
More specifically, a data user is permitted to collect ID card numbers under the following circumstances:
- For inclusion in a document that establishes or is evidence of any legal or equitable right or interest or legal liability that is not trivial, e.g. in documents that establish an individual's right of ownership of a flat. Do not collect an ID card number just to safeguard against a trivial loss.
- As the means of future identification of an individual who is permitted to enter premises where monitoring of the activities of the individual inside the premises is not reasonably practicable, e.g. entry to a commercial building outside office hours.
- As the means of future identification of an individual who is permitted to use equipment where monitoring of the use of the equipment is not reasonably practicable, e.g. the use of a computer that is out of sight of the staff concerned.
- As a condition for allowing the individual to have custody or control of property which is of a value that is more than trivial, e.g. a rental car.
Step 3 : Check whether the way you collect ID card numbers ensures that they are truly the ID card numbers of the individuals providing them
To ensure accuracy, when a data user collects ID card numbers from the individuals who are the [image]holders of the ID cards, it should do so only in one or other of the following ways.
- Directly from the ID card physically produced in person by the individual, e.g. where an individual attends in person at a retail outlet of a utility company to apply for service.
- If the individual provides his or her ID card number without at the same time showing the ID card, for example in a form which is posted to the data user or over the phone, check the number so collected against the physical production of the ID card in person by the individual before using the number for any purpose. For example, a job applicant may provide his or her ID card number in a job application form which is mailed to the employer, but before the employer uses the number, say, to check whether the individual is a previous employee, it should be checked against the physical production of the ID card by the individual.
- If the individual has been given the option either to provide a copy of his or her ID card or to present his or her ID card in person, and has chosen to do the former, the data user is permitted to collect the ID card number from such a copy e.g. where an individual chooses to make a postal application for a driving licence rather than apply for the licence in person.
Back to top