|
E-Privacy:
A Policy Approach to Building Trust and Confidence
In E-Business
Background
3.1
In the HKSAR the concept of personal privacy is generally
appreciated, if not always well understood. The PCPD
is responsible for upholding the Personal Data (Privacy)
Ordinance ("the Ordinance") which concentrates
on one aspect of privacy, personal data privacy. In
this capacity the PCPD has adopted the principle that
the legal provisions of the Ordinance are applicable
both online and offline. This means that those provisions,
and related Data Protection Principles ("DPP"
- please refer to Annex), should be complied with by
providers operating in the E-Business environment. The
DPP enshrine what have become the mainstays of best
privacy practice, and form the backbone of legislation
in an increasing number of jurisdictions. Essentially
they establish the principles to be applied to the collection,
accuracy, use, security and access to personal data.
These principles have proved invaluable in the real
world, and the PCPD are committed to applying them to
the management of personal data in cyberspace.
3.2
The DPP confer the following rights upon individuals.
- The
Right to be Informed of Use
This right to be informed of the purposes for which
an individual's personal data are to be used and the
classes of persons to whom that personal data may
be transferred.
- The
Right to Fair and Lawful Collection
The individual's right to have personal data collected
by means that are fair and lawful and for purposes
that are directly related to the functions and activities
of the body collecting the data.
- The
Right to Give only Necessary Data
The right to give no more personal data than are necessary
for the purposes for which the data are collected.
- The
Right to Consent to a Change of Use
The right to be asked for consent before an individual's
personal data are used for purposes other than the
purposes for which they were collected, or directly
related purposes.
- The
Right to Accuracy and Security
The right to expect that personal data are kept accurate,
up-to-date, secure and for no longer than necessary.
- The
Right to Transparency
The right to ask a data user (a data user is any party
that controls the collection, holding, processing
or use of personal information) to disclose its personal
data policies and practices, the kind of personal
data held, and the main purposes for which they are
used.
- The
Right of Access to Personal Data
The right to obtain confirmation, and request for
a copy of personal data held by a data user. The data
user should comply with that request within 40 days.
- The
Right to Request Correction of Personal Data
The right of the individual to request for correction
of inaccurate personal data within 40 days of when
the request is made.
3.3
The PCPD has been monitoring developments in E-Business
notably since the government announced its policy of
making Hong Kong a centre of excellence in this respect.
Through its network of contacts in the international
privacy community, consultation with government departments
and agencies, and its involvement with business and
the community, the PCPD has been able to identify E-Privacy
risks and related personal data issues. These issues
must be confronted if trust and confidence are to prevail
in the provider-consumer relationship. Current wisdom
suggests that until the hallmarks of trust and confidence
are reflected in community perceptions, E-Business will
be impeded in the realisation of its full potential.
[Image of Previous Page][Image of image][Image of Next Page]
|