Table of Contents Table of Contents
Previous Page  11 / 192 Next Page
Show Menu
Previous Page 11 / 192 Next Page
Page Background


Paragraph (b) — “From Which It Is Practicable for the Identity of the Individual To Be

Directly or Indirectly Ascertained”


In applying the condition laid down in paragraph (b) to personal data, the first thing that

should be taken note of is that the word “practicable” wherever it appears in the

Ordinance, is defined under section 2(1) to mean “reasonably practicable”.


In the case of AAB No. 16/2000, the appellant made a complaint to the Commissioner

about a public transport company, due to the fact that whenever he entered or exited

through the toll gates using his senior citizen concessionary payment card, indicator

lights flashed and an alarm went off.

This would reveal to all persons nearby that he was

over 65 which, according to him, amounted to disclosure of his personal data. In its

decision, however, the AAB confirmed the Commissioner’s view that the payment card

in question (not being a personalised card) did not contain personal data belonging to

the appellant and the card could be purchased or possessed by anyone.

Thus, the fact

that the light and sound were emitted when the appellant used the concessionary

payment card to pass through the toll gate did not make it reasonably practicable for

the identity of the appellant to be directly or indirectly ascertained.

The light and sound

signals only identified the type of card used, not the person using it.


Secondly, in deciding whether certain data held by a party satisfies the condition laid

down in paragraph (b) and, in particular, in considering the meaning of the words “from

which” in that paragraph, the Commissioner takes the view that reference to the

individual should be able to be construed from the context of all the relevant

information controlled by the data user, of which the personal data of that individual

forms part. For example, an employer holding a personnel file on one of his employees

would not necessarily have the name of or other identifying information about the

employee explicitly stated on every page. If the employer should be asked whether the

information contained on one such page constitutes the personal data of the employee,

it would be unreasonable and contrary to the Commissioner’s regulatory view for the

employer to say “no” simply because that particular page alone does not reveal the

identity of the employee. Conversely, when it is not practicable on the face of the data

or from other information that it holds for the identity of the data subject to be directly or

indirectly ascertained, the condition laid down in paragraph (b) is not satisfied.


In applying the condition laid down in paragraph (b), the Commissioner will take into

account all relevant data controlled by the party in question. If it is practicable for that

party to ascertain from the totality of such data the identity of the individual, each and

every part of the data (including, in the example given above, any individual page

within the personnel file) also satisfies the condition laid down in paragraph (b). This

totality approach is equally applicable to the situation where the data is contained in

several documents, which, when read or construed together, constitutes the personal

data of an individual. For example, when a separate note of address is found attached

to a personnel file created for a particular employee, although no name is specifically

stated on the note, it is likely to be construed as personal data belonging to the

employee when read with other documents in the file and taking into account the

nature of the matter as a whole.