Table of Contents Table of Contents
Previous Page  128 / 192 Next Page
Show Menu
Previous Page 128 / 192 Next Page
Page Background

have contravened a requirement under the Ordinance “to remedy and, if appropriate,

prevent any recurrence of the contravention”.


In those cases where the contravention is attributed to a lack of or an inadequate

privacy policy, the Commissioner may in the enforcement notice direct the relevant

data user to take such steps to promulgate, amend or modify its personal data handling

policies or practices to prevent similar breaches from occurring.


The Commissioner views favourably a systematic approach by data users in

implementing a privacy management programme


built upon a robust data privacy

policy and practices that are properly executed, reviewed and assessed by designated

data protection officer(s).



Privacy Management Programme: A Best Practice Guide

, available on the Website: