Skip to content

PCPD e-Newsletter

Facebook Youtube

PCPD addresses key issues relating to personal data protection in fighting COVID-19

With the ongoing outbreak of COVID-19 locally and worldwide, many jurisdictions have been stepping up their efforts to combat the pandemic. Privacy-related questions may arise when measures are introduced to monitor whether people are complying with quarantine conditions and to track potential carriers of COVID-19. In response to public concerns and media enquiries, the PCPD has been promptly giving guidance and making observations on a number of related issues.

The PCPD has shared our suggested best practices with the Global Privacy Assembly (GPA), a leading forum for privacy commissioners from around the world, as part of the efforts in enhancing knowledge and experience exchange to protect data privacy in this challenging time.

Click below to view latest experiences, strategies and best practices of data
protection authorities around the world!

Click here

Guidelines for employers and employees during COVID-19

The escalating number of confirmed cases of COVID-19 has created concerns for employers who are asking whether they are permitted to collect health data about their employees to help monitor and prevent the spread of the virus in the workplace and the wider community. The COVID-19 pandemic also renders many employers and employees working from home and conducting business meetings online, the possible personal data privacy breach of which does require vigilant attention. Below are some practical tips of how we can balance privacy rights and public health needs.

Q1: Can employers collect temperature measurements or other health data from employees?

A.  Employers have legal and corporate responsibilities to protect the health of their employees and visitors. In times of COVID-19, it is generally justifiable for employers to collect temperature measurements or limited medical symptoms of COVID-19 information of employees and visitors solely for the purposes of protecting the health of those individuals.

Q2: How about travel history? Can employers ask for travel data of their employees?

A. The Personal Data (Privacy) Ordinance (PDPO) does not prohibit any organisation from collecting ones’ travel data. Given the escalating number of confirmed cases of COVID-19 locally and globally, and the legal and corporate responsibilities of employers to provide a safe working environment, it is justifiable for employers to ask for travel data from employees who have returned from overseas, especially from those high-risk areas. Similar to health data, the collection of travel data should be purpose-specific, and minimal data should be collected. A self-reporting system is preferred to an across-the-board mandatory system.

Q3: How long can the personal data collected be retained?

A.  Employers shall permanently destroy the personal data collected for the purposes of fighting or combatting COVID-19 when the purpose of collection is fulfilled, such as when there is no evidence suggesting that any employees have contracted COVID-19 or have close contacts with the infected after a reasonable period of time.

Q4: What kind of data security issues relating to employees’ medical or health data should an employer be mindful of?

A.  All practicable steps (e.g. storing the data in a locked cabinet, encrypting the data and only allowing authorised personnel to have access to the data) shall be taken by an employer to protect the personal data collected against unauthorised or accidental access, processing, erasure, loss or use. Adequate data security safeguards are particularly important for medical or health data because it is considered more sensitive and a breach of health data may cause significant harm to the individuals concerned.

Q5: More of employees are working from home during the pandemic. What kind of security measures should employees have in place for homeworking?

A: - Never share the work device’s account with others;
    - Ensure Wi-Fi connection is secure;
    - Regularly change Wi-Fi passwords;
    - Install proper anti-virus software and the latest security patches to the
    - Perform regular system updates for the devices;
    - Choose privacy friendly settings, such as not allowing video recording or
      audio recording when conducting online meetings. Disable any 
      attention-tracking functions; and
    - Always authenticate participants in online meetings before start

Learn More

Wish to broaden your knowledge in data privacy protection by learning the key elements of the PDPO and other related hot topics in the comfort of your home or the office? Do join our live interactive online PDPO seminar and professional workshops to learn your obligations as data users and your rights as data subjects!



Online Introduction to the Personal Data (Privacy) Ordinance (PDPO) Seminar (New!)

Date: 23 April (Thursday)
Time: 3:00pm - 4:30pm
Fee: Free of charge
Mode: Online

Key Takeaways:
- A general introduction to the PDPO
- The six data protection principles
- Offences & Compensation
- Direct Marketing
- Q & A session

Enrol now!



Online Professional Workshop - Data Protection in Direct Marketing Activities (New!)

To learn online - Data Protection in Direct Marketing Activities.

Date: 17 April (Friday)
Time: 2:15pm - 5:15pm
Fee: $750/ $600*
Mode: Online

* Discounted fee for members of PCPD's Data Protection Officers' Club ("DPOC") and the supporting organisations only.

Key Takeaways:
- A practical approach to compliance of the requirements under the PDPO in direct marketing activities
- Hands-on solutions to problems that marketers face in devising direct marketing activities
- Sharing of conviction cases

Enrol now!

To promote data ethics, the PCPD has launched a tram advertising campaign with a total of three trams as moving billboards carrying the slogan of "Practise Data Ethics - Respectful, Beneficial & Fair; for a Smart Hong Kong (實踐數據道德 - 尊重、互惠、公平;構建智慧香港)", the trams travel on Hong Kong Island from 20 March to 15 April 2020.

Administrative Appeals Board Dismisses Appeal Relating to the Government’s Marshalling Duties (26 March)

Read media statement

Response to media enquiry on an individual reposting personal data of a police officer on social media (24 March)

Read media response (Chinese only)

Response to media enquiry on privacy issues arising from COVID-19 (21 March)


Read media response

Response to media enquiry on suspected misuse of people's photos for promotional purposes by a matchmaking company (21 March)

Read media response (Chinese only)

Response to media enquiry on a district council member collecting citizens' address proof (18 March)

Read media response (Chinese only)

What are the rules wrapping privacy during COVID-19?

In a public health emergency that relies on people keeping an anti-social distance from each other to avoid spreading a highly contagious virus, the governments around the world have been quick to look to technology companies for help which has been arousing hot debates on the balance between the interest of public health and personal data privacy.

Read more

As schooling rapidly moves online across the country, concerns rise about student data privacy

Most of America’s public schools have closed during the global coronavirus pandemic and U.S. districts are engaged in an unprecedented shift to online education. Student data privacy is another concerns under the spotlight.

Read more

Here’s what to look for in a work-from-home VPN

Virtual private networks, also known as VPNs, provide people who work from home extra online protection from hackers, But there are also a number of free services, which often come with a cost: Users give up some of their personal data.

Read more

For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong         Tel: (852) 2877 7179

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.



The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.