Skip to content

Information Leaflets

Information Leaflets

Download the form

Q: What is a matching procedure?

A: The Personal Data (Privacy) Ordinance (the Ordinance) has a definition of "matching procedure". The definition can be divided into four criteria for determining whether a particular process of comparing personal data is a "matching procedure". All four criteria must be met before such a process qualifies as a "matching procedure". The four criteria are that :

  1. there is a comparison of two sets of personal data, each of which is collected for different purposes, e.g. one set of personal data collected for purposes A and B and a second set collected for purposes X and Y;
  2. each comparison involves the personal data of 10 or more data subjects;;
  3. the comparison is not carried out by manual means, e.g. it is carried out by using a computer programme designed and applied for performing the comparison process; and
  4. the end result of the comparison may be used, whether immediately or at any subsequent time, for the purpose of taking adverse action against any of the data subjects concerned.

Q: What is meant by adverse action?

A: Adverse action is defined in the Ordinance as any action that may adversely affect an individual's rights, benefits, privileges obligations or interests, including legitimate expectations.

Q: Why is consent needed?

A: Section 30 of the Ordinance provides that a matching procedure may not be carried out unless one of the following conditions has been met:-

  1. all the individuals who are the subjects of the data to be matched have voluntarily given express consent to the matching procedure being carried out;
  2. the Privacy Commissioner has given consent under section 32 of the Ordinance for the matching procedure to be carried out;
  3. the matching procedure belongs to a class of matching procedures which the Privacy Commissioner has specified by notice in the Government Gazette as a class of such procedures that may be carried out; or
  4. the matching procedure is required or permitted by a provision of an Ordinance specified in Schedule 4 to the Ordinance.

The Privacy Commissioner has not specified any class of matching procedures as a class of such procedures that may be carried out, condition (c) above; neither have any provisions of an Ordinance requiring or permitting a matching procedure been specified in Schedule 4 to the Ordinance, condition (d) above. Accordingly, if someone wishes to carry out a matching procedure in compliance with section 30, they must meet either condition (a) or (b). That is, they must either obtain the express consent of the individuals who are the subjects of the data to be matched or seek the consent of the Privacy Commissioner to carry out the matching procedure concerned.

Consent of the Privacy Commissioner should be sought using a matching procedure consent application form, which can be obtained from the Office of the Privacy Commissioner for Personal Data at 12/F, Sunlight Tower, 248 Queen's Road East, Wanchai, Hong Kong.

Q: Are there any restrictions on the comparison of personal data which is not a "matching procedure"?

A: Such a comparison process is not subject to the special requirements of the Ordinance relating to matching procedures. However, it is subject to the other general provisions of the Ordinance. For example, data protection principle 3 in Schedule 1 provides that personal data may not be used for a purpose other than a purpose for which the data were to be used when they were collected, or a directly related purpose, unless the subject of the data voluntarily gives express consent.

Q: Can I seek consent to carry out a series of matching procedures?

A: Yes, so long as there is no significant difference between the individual procedures with respect to the details and supporting case provided in Parts B and C of the relevant consent application form.

Q: What if the two sets of personal data are collected and used by the same organisation?

A: This is not relevant so long as the four criteria detailed above for a matching procedure are met. In other words, a comparison process that meets all four criteria for a matching procedure is a matching procedure whether one or more organisations are involved in collecting or holding the personal data concerned.

Q: Can you give an example of a comparison process that is a "matching procedure"?

A: Example of a Matching Procedure

Data user A is responsible for making payments to several thousand individuals who meet certain eligibility criteria. Data user A collects and uses the personal data of individuals applying for such payments for the purpose of determining whether they are eligible for the payments and arranging that the money be paid to those who are.

One of the eligibility criteria is that the individual should not own property. To check that the individuals meet this criteria, data user A compares the personal data collected with that contained in a register of property owners maintained by data user B. The register contains personal data collected by data user B for purposes related to conveyancing. The comparison of the first set of personal data held by data user A with the set of personal data held by data user B will confirm whether or not the individuals concerned own property.

As the number of individuals involved is large, data user A uses a computer programme to compare the personal data it holds with the personal data held by data user B to ascertain which of them own property. Any individual identified as owning property by this automated comparison has his or her application for payment declined or, in the case of existing recipient, the payments are discontinued.

Point to Note

This is a matching procedure because all four criteria of a matching procedures are met.

Q: Can you give examples of comparison processes that are not "matching procedures"?

A: Examples of Comparison Procedures Falling Outside the Definition of Matching Procedure

Case A - Manual Checking of Computer Records

Data user C has collected personal data for purposes related to making employment appointments. Data user D maintains a register of personal data that has been collected for purposes related to ascertaining the residence status of individuals. Data user C provides the personal data, including the names and identity card number, of 20 selected candidates to data User D to check whether the candidates are Hong Kong residents before offering appointment to those candidates.

Upon receipt of the personal data from data user C, data user D enters the name and ID card number of each individual into its computer database as an access key to retrieve any record of personal data that relates to that individual. If such a record exists, data user D checks through the personal data in the record to determine whether or not the individual is a Hong Kong resident. The outcome of the check is then sent to data user C. Having received the reply, data user C decides whether or not to offer appointment to each candidate.

Point to Note

The above is not a matching procedure because the comparison process itself is carried out by manual, not automated means. Computer equipment is only used to retrieve the data concerned.

Case B - Updating of Personal Data

Data user E is the agent for a brand of air-conditioner. It collects personal data from its clients, who number many hundred, in order to provide a servicing service for the air-conditioners they have purchased. When data user E receives notice of changes in the personal particulars of its clients it updates its database. The processing of these changes may involve more than ten individuals at one time.

Point to Note

The above is not a matching procedure because it does not involve the comparison of two sets of personal data collected or used for different purposes, neither is any adverse action involved. It is simply an updating exercise using data collected for the same purpose as the data that are updated.