Publications and Videos
PCPD 2008-2009 Annual Report
|
Privacy Commissioner's Message
I have chosen "The Art of Promoting Privacy Rights" as the main theme for this annual report. Not unlike other privacy commissioners elsewhere, I am committed to promoting better awareness of the law which protects the privacy rights of the individuals in relation to personal data. To do this under the constraint of limited resources often requires creative planning and execution. In the past, my Office has organized an array of promotional and educational activities to cater for diverse audiences and settings-private and public organizations, civil society, professional and industry associations, schools and universities, young people and the not so young as well as the men in the street. We have co-ordinated such events with the production of some aide - memoire and promotional items to give away. Sometimes we invited celebrities to help draw the attention of the crowds and the media. During the reporting year we organized the second Privacy Awareness Week (PAW) jointly with members of the Asia Pacific Privacy Authority. Concerted efforts were made to organize competitions to achieve the common goal of promoting personal data privacy across the Asia Pacific region. I am glad that PAW has successfully begun to build a brand name about which more and more people have come to know about within this region. The International Conference of Data Protection and Privacy Commissioners is now looking at the feasibility of appointing a World Privacy Day or Week. It would be nice if this annual regional activity can be converted into a global event. The detailed provisions of the Personal Data (Privacy) Ordinance (“the Ordinance”) are not easily understood by the general public. This is why the conventional approach of holding classes to explain to individuals of their rights and organizations of their responsibilities as prescribed under the Ordinance has always been considered useful and necessary. We hold regular seminars, exhibitions, conferences and public events. Apart from that, we also adopt the idea of training the trainers. We have an existing medium in the form of the Data Protection Officers’ Club whose 320+ members are mainly data protection / human resources executives. We maintain close contact with our members and offer to them throughout the year practical guidance in the knowledge that they can spread the message of why and how personal data should be managed and protected. We are in the course of preparing a Trainer’s Kit to enable organizations to teach their own employees the proper way of handling personal data. In 2006 we started to experiment with the idea of mounting an industryspecific privacy awareness campaign. We were fortunate in having the Hong Kong Hotels Association as our partner in organizing activities to enhance the privacy awareness of hoteliers who handle the personal data of millions of travelers each year. With more than 40 large hotels participating, the Hotel Privacy Campaign was a roaring success. This year we directed our efforts to doing the same for estate agents with the strong support from the Estate Agents Authority. For both of these Campaigns we designed specific "self-learning" materials: an online self training module for hoteliers and a handbook for real estate agents. These educational tools continue to give useful privacy information to the practitioners of the specific industries long after the privacy awareness campaigns were finished. As privacy watch-dogs we need to be on the constant look-out for emerging threats to personal data privacy and ready to respond with appropriate actions. In the wake of a spate of patients’ data leakage incidents I took the bold step in May 2008 of exercising the statutory power of carrying out an inspection for the first time. The target was the Hospital Authority’s (“HA”) patients’ medical data system. I was fortunate in securing the kind and generous help of four eminent experts who acted voluntarily as consultants. The inspection concluded with a published report which offered the HA with 37 recommendations to help improve its existing patients’ data system from the perspective of data protection. I was gratified by HA’s agreement to implement the recommendations. What was equally satisfying to me was the impact of the publicity generated by the inspection which served as a privacy awareness event.
In retrospect, I might have taken on more than I could cope noting that at one time during the inspection I had to deploy more than half of my officers. However I will not shy away from the carrying out of another inspection if circumstances warrant and especially if a significant public interest is involved. Resources constraints will always present a challenge because an inspection is highly labour intensive. To avoid confusion over the interpretation of the Ordinance in specific circumstances, I often had to step in to put right what might have been misunderstood. In August and November 2008 I wrote to the Law Society of Hong Kong to clarify the extent of an endorsement which I had given earlier to the collection by solicitors of a copy of their clients’ Hong Kong identity cards. After I had made known this matter on my official website, it attracted some considerable notice and received positive comments in an editorial of the South China Morning Post. Solicitors are now left in no doubt that they do not, as a rule, have to take and retain a copy of their clients’ identity cards but only in cases where there is a risk of money laundering. This is just an example where the public can learn about privacy rights without going to a seminar. To inform people of their privacy rights and to remind organizations of their responsibilities under the law, I make sure that ever more of the investigation results, case notes and court judgments are accessible. Public announcement often catch the attention of the news-reading public. When the Court of First Instance ruled that the Cathay Pacific Airways Limited could legitimately ask for the medical data of its cabin crew members in September 2008, I promptly held a press conference to express my view that the ruling does not apply to all employment situations and that the Data Protection Principles in the Ordinance still apply even if the contract of employment creates an obligation on the part of the employee to disclose his personal data including his medical data. For the same reason I often publicly expressed my concerns and tried to explain my views on topical issues that might adversely affect the privacy of individuals. For instance, when the public was concerned with the taxi industry’s proposal to install CCTV cameras in taxis to combat and prevent crimes, I lost no time in coming out to say that I did not support the proposal and that the industry should consider less privacy intrusive alternatives in the first place. This had the desired effect of helping people to think about this topical issue in relation to their privacy. Strictly speaking, the promotion of privacy rights may never be regarded by the purist as an art, but experience has shown that with a small task force and a low budget on training and education, the Privacy Commissioner has to design and create cost-effective means of communication to vie for the attention of the citizens in this busy metropolis. In closing, I wish to thank all members of the staff for their loyalty and support. They had worked with dedication throughout the year and continued to maintain a high standard in the quality of their services to the public amid ever higher expectations. Roderick B. Woo |
|||||
End of Page
[Annual Report] [Code of Practice/ Guideline & Explanatory Booklet] [Consultation Document/ Report] [Newsletter] [Guidance Note & Fact Sheet] [Leaflet & Form] [Opinion Survey] [Others] [Investigation Report / Inspection Report] [Information Book]
[About PCPD] [The
Ordinance] [PCPD Activities]
[Information Centre]
[Personal Data Privacy Liberal Studies]
[Privacy
Zone for Youngsters]
[Publications & Videos]
[Enquiries & Complaints]
[Case Notes] [Contact
Us] [Search] [Site
Directory] [Graphical Version]
[Chinese Version]
Notice/Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer