| [Image of Figure] |
| [Image of images] |
A total number
of 919 complaint cases were received in 2003-04 (a slight increase
of 1.4% in comparison with the previous year). |
| |
|
| [Image of Figure] |
| [Image of images] |
A total of 919
complaint cases were received in 2003-04. |
| [Image of images] |
655 (71%) complaint
cases were against private sector organizations. |
| [Image of images] |
169 (19%) complaint
cases were against individuals. |
| [Image of images] |
95 (10%) complaint
cases were against public sector
organizations (i.e. government departments and other
public bodies). |
| |
|
| [Image of Figure] |
| [Image of images] |
The majority of
the complaints against financial institutions or telecommunications
industry concerned alleged use of personal data in recovery actions
for overdue loans or service payments. |
| |
|
| [Image of Figure] |
| [Image of images] |
The majority of
the complaints against public sector orgaizations concerned alleged
use of personal data outside collection purpose and without the consent
of the individual (36%) and non-compliance with data access requests
(24%). |
| |
|
| [Image of Figure] |
| [Image of images] |
The 919 complaints
cases received in 2003-04 involved a total of 1,024 alleged breaches
of the requirements of the PD(P)O. Of these, 885 (86%) were alleged
breaches of the data protection principles scheduled to the PD(P)O
while 139 (14%) were alleged contraventions of the provisions in the
body of the PD(P)O. |
| [Image of images] |
Of the 885 alleged
breaches of the data protection principles, 469 (53%) concerned the
alleged uses of personal data of complainants without their consent
for purposes other than the purposes for which the data were collected.
In this category, 106 (23%) involved debt collection, mostly allegations
against financial institutions for passing customers' personal data,
such as contact details and amounts of indebtedness, to debt collecting
agencies for recovery of outstanding debts. |
| |
|
| Like the
last reporting year, there has still been a misunderstanding
on the part of some complainants about the ambit of the PD(P)O
when applied to debt collection activities. There were again
a number of cases where complainants seemingly tried to use
the PCPD's complaint channel to stall creditors such as financial
institutions from collecting their debts. The transfer of personal
data of a debtor from a creditor to its agent for collecting
debt owed is normally within the original collection purpose
of the data. Such use of the data may not raise any issue under
the PD(P)O if only data that are necessary for the debt collecting
purpose are transferred and prior notice has been given to the
debtor at the time of collection of the data from the debtor. |
|