PCPD - 2002-2003 Annual Report

Publications and Videos

2002-2003 Annual Report_14

Operations

Compliance Checks

A compliance check is undertaken when the PCPD identifies a practice in an organization that appears to be inconsistent with the requirements of the PD(P)O. In such circumstances, the PCPD raises the matter in writing with the organization concerned pointing out the apparent inconsistency and inviting it, where appropriate, to take remedial action. In many cases, the organization concerned takes the initiative and responds by undertaking immediate action to remedy the suspected breach. In other cases, organizations seek advice from the PCPD on the improvement measures that should be taken to avoid repetition of suspected breaches.
During the reporting year, the PCPD conducted 28 compliance checks in relation to alleged practices of data users that might be inconsistent with the requirements of the PD(P)O. Of these, 8 compliance checks related to practices in government departments/statutory bodies. The remaining 20 compliance checks related to practices in private sector organizations.
Figure 14 - Illustrations of compliance check issues

Issues Improvement Measures Recommended

Information materials circulated to voters of a "best performer" election disclosed personal data of nominees that included their HK identity card number. Special care should be taken when circulating documents that contain personal data of individuals. The organizer was recommended to avoid disclosure of any personal data that were not necessary for the purpose concerned.

The website of a professional body posted the names, addresses and qualifications of its members. The professional body was advised to make notification to its members, at the time when they register, that personal data compiled about their registration would be posted on its website for public access.

Staff appraisal forms with full date of birth of staff were dispatched without envelopes. There is no justifiable reason to print the full date of birth of staff on the front page of the appraisal form and the employer was recommended to consider inserting the form in an envelope prior to dispatch.

Loss of staff's payroll slips during the distribution process. It is the obligation of the employer to ensure personal data in staff's payroll slips are protected against unauthorized or accidental access. The company was recommended to obtain acknowledgement of receipt of payroll slips from staff.

Job applicants were asked to provide the name and occupation details of their parents in application forms. There is no justifiable reason for making the required information mandatory. The company was advised to revise its requirements accordingly.

Advertising circular to residents of a housing estate carried personal data of several residents with whom the data user had previously provided services. Customer's personal data should not be used in advertising activities unless with the customer's consent. The data user was recommended to take proper measures not to disclose customers' data in advertising materials unless the customers had consented to such use.

A recruitment website solicited job applicants' personal data without disclosing the identity of employers. A recruitment advertisement that solicits personal data from applicants should reveal the identity of the employer. The website was recommended to identify the employer in future.

Applicants who subscribed as members of health food products were required to provide their HK identity card numbers. Alternatives in lieu of providing identity card numbers should be offered to applicants. The company was recommended to cease the practice or to make the provision of identity card numbers voluntary.

Workers entering into areas managed by the company were required to provide their HK identity card details. The company was advised to consider accepting "work permits" as an alternative.

Parking license renewal forms required both car park owners and tenants to fill in personal data on the same form. The car park management company was recommended to issue separate forms to owners and tenants for parking license renewals in order to avoid disclosure of personal data to the other party.

Customers wanting to trade in their mobile phones were required to provide HK identity card copies. Collection of identity card copy is allowable only in certain defined situations. The company was advised to cease the practice of collecting HK identity card copies from their customers.

[Image of Previous Page][Image of image][Image of Table of Contents][Image of image][Image of Next Page]

End of Page

[Annual Report] [Code of Practice/ Guideline & Explanatory Booklet] [Consultation Document/ Report] [Newsletter] [Guidance Note & Fact Sheet] [Leaflet & Form] [Opinion Survey] [Others] [Investigation Report / Inspection Report] [Information Book]

[About PCPD] [The Ordinance] [PCPD Activities] [Information Centre] [Privacy Zone for Youngsters (Games)]
[Publications & Videos] [Enquiries & Complaints] [Case Notes] [Contact Us] [Search] [Site Directory] [Graphical Version]
[Chinese Version]