|
|
|
|
|
|
|
|
|
|
|
The Privacy
Commissioner and the City University of Hong Kong Press jointly
published a Chinese book entitled 《注意!
這是我的個人資料私隱》(Watch
out! This is my personal data privacy). Written in plain and simple
language, this book guides the readers through the major
regulations stipulated under the Personal Data (Privacy) Ordinance
("Ordinance") with insightful cases, aiming to raise public
awareness of protection and respect for personal data and
privacy.
In the book you may find a number of interesting
examples in everyday life, as well as some cases that aroused wide
concern on personal data and privacy for reference. Click the
“Order Form” button below to enjoy the exclusive
offer!
Below is an interesting case extracted from the book (Chinese
version only):
藝人被「狗仔隊」偷拍
(節錄自《注意!
這是我的個人資料私隱》第29頁
)
藝人的私生活是茶餘飯後的話題嗎?雜誌有關藝人私生活的報導,在甚麼情況下會觸犯保障資料原則呢?
書中舉出的兩宗投訴個案中,共有三名藝人投訴被「狗仔隊」偷拍在家中的活動情況。被拍下的照片分別在兩份雜誌上刊登,包括藝人甲和藝人乙有親密行為的照片,以及藝人丙疑似全身赤裸的照片。「狗仔隊」分別在該三名藝人居所的遠處,使用長焦距鏡及放大器等攝影器材進行偷拍,明顯地是長時間和有計劃地監視藝人在室內的活動後才能拍下該些照片。私隱專員認為用這種侵擾性的方式收集有關藝人的個人資料,手法並不公平,而披露藝人在其寓所內的日常生活及親密行為,除滿足公眾的好奇心外,並不涉及公眾利益,屬違反保障資料第
1(2) 原則 。
儘管有人說「食得鹹魚抵得渴,藝人都喜愛曝光」,但畢竟有別於出席公開活動,藝人對在家中進行私人活動會有較高的私隱期望,更何況是親密行為或展示身體部位的照片,那是非常敏感的資料。
想知道更多日常生活上有關個人資料私隱的有趣個案
? 可以在《注意!
這是我的個人資料私隱》找到!
|
|
|
|
|
|
|
|
|
Privacy Commissioner delivered a
presentation on "Observations on the GDPR 2018 from Hong
Kong’s Perspective" at a public symposium on “The
Future of Privacy” jointly organised by the Center for
Information Technology, Society, and Law of the University of
Zurich and the Law and Technology Centre of the University of Hong
Kong under the “Zürich Meets Hong Kong – A
Festival Of Two Cities” Events (26 October
2017)
|
|
|
|
|
|
|
|
|
|
|
Are you ready for the implementation
of European Union General Data Protection
Regulation?
In order to help organisations understand the
standards and the possible impact on their operations of the
European Union ("EU") General Data Protection Regulation
(GDPR) which will come into effect in May 2018, the PCPD will
organise or co-organise with third parties activities in relation
to the education and promotion on the EU GDPR. Please complete and
send the opt-in form to us to receive information on the activities
described above.
|
|
|
|
|
|
|
|
|
Seminar on "Get To Know the Personal Data
(Privacy) Ordinance through Case Sharing"
Date: 27 November 2017 (Monday)
Time: 10:00 am to 12:00 noon
Key requirements under the Ordinance will be
explained during the seminar by a series of cases extracted from
the PCPD's Chinese book
entitled 《注意!
這是我的個人資料私隱》("Watch
Out! This is your personal data privacy"), as well as the
significant cases which attracted media interest in recent
years.
|
|
|
|
|
|
|
|
|
Professional Workshops on Data Protection
Limited seats available for November
courses!
These professional workshops are tailored to the
needs of those people wishing to deepen their knowledge of data
protection. Key features include:
- Analysis of each data protection
principle with relevant real-life scenarios
- Codes of Practice and Guidelines
- Updated guidance notes from the
PCPD
- Lessons learnt from real cases
- Recommended good practices
|
|
|
|
|
|
|
|
|
Workshop on Recent Court and Administrative
Appeals Board Decisions (8 December 2017) New!
This workshop will examine some recent
decisions of the Hong Kong Court and Administrative Appeals Board
which serve as legal authorities and practical examples in solving
problems frequently encountered in compliance work.
|
|
|
|
|
|
|
|
|
A bank should not show
remitter’s address on the electronic advice issued to payee-
Data Protection Principle 3
The Complaint
The Complainant instructed Bank A to remit a sum of money by
telegraphic transfer to an account at Bank B, and later found that
the electronic advice issued to the payee by Bank B showed his name
and address. Dissatisfied with Bank B’s disclosure of his
address to the payee on the electronic advice, the Complainant
lodged a complaint with the PCPD.
Bank B explained that when it received an
international telegraphic transfer from the remitting bank (i.e.
Bank A), it would extract two lines of text from the field of
remitter’s information and put it into the electronic advice
in accordance with the banking practices so as to provide
sufficient information to the payee for identification of the
remitter. According to Bank B, the remitting bank generally inputs
the remitter’s name in the first line of the field and the
remitter’s address in the second line.
|
|
|
|
|
|
|
Outcome
According to the
information provided by Bank B, the purpose of showing the
remitter’s name and address on the electronic advice was to
provide sufficient information to the payee for identification of
the remitter. However, it seemed that Bank B had not considered the
fact that the payee might not have known the remitter’s
address (as in this case). Therefore, the act of showing the data
on the electronic advice could not help the payee to identify the
remitter, but the remitter’s address was unnecessarily
disclosed to the payee. The Privacy Commissioner was of the
view that showing the remitter’s name and account data on the
electronic advice was sufficient to achieve the purpose of
identifying the remitter by the payee. Hence, the act of Bank B in
the case had contravened Data Protection Principle 3.
After the PCPD’s intervention, Bank B agreed
to amend the format of its electronic advice, which would then only
show the data in the first line of the field. Such amendment can
avoid unnecessarily disclosing the remitter’s address to the
payee in future.
|
|
|
|
|
|
|
|
|
|
|
Q: Can a bank request a customer to provide his/her Hong
Kong Identification Card Number for exchanging a HK$500 note for
notes of smaller denominations?
A: According to the Code of Practice on the
Identity Card Number and other Personal Identifiers ("the Code")
issued by the Privacy Commissioner, in general, a data user cannot
compel an individual to provide his Hong Kong Identification (HKID)
Card number except with legal authority. Moreover, HKID
Card numbers should not be collected, unless such collection
is permitted under the Code. In view that such transaction did not
involve substantial risk of money laundering activities, collection
of HKID Card numbers was unnecessary.
|
|
|
|
|
However, banks are permitted to collect HKID Card
copies of their customers as due diligence measures before carrying
out a transaction involving an amount equal to or above HK$120,000,
and if that is a wire transfer, an amount equal to or above
HK$8,000 so as to comply with the relevant requirement in the
Anti-Money Laundering and Counter-Terrorist Financing (Financial
Institutions) Ordinance.
|
|
|
|
|
Q: Can an employer collect
a copy of an employee's HKID Card?
|
|
|
|
|
A: Yes, as a copy of an employee's HKID Card is
evidence of an employer having inspected it before the employment,
as required under the Immigration Ordinance (Cap 115). However,
employer is required by the Code to mark the word "copy" across the
image of the copy to reduce the chance for misuse and abuse.
|
|
|
|
|
Q: Can the security staff of a
building ask visitor to enter his/her HKID Card number in
a visitors' log book at the entrance of a
building?
|
|
|
|
|
A: This depends on whether the monitoring of
visitor’s activities inside the building is feasible or not.
If this is feasible, the security staff should not collect
visitor’s HKID Card number. If such monitoring is not
feasible, they are allowed to collect visitor’s HKID card
number. However, the security staff should take appropriate
security measures to ensure that such entries in a visitors’
log book are concealed from subsequent visitors who enter their
details. If visitor is unhappy about providing his HKID Card
number, visitor may wish to suggest other alternatives. Examples of
such alternatives may include identification by another
identification document, e.g. a staff card issued by
visitor’s company, or identification by someone known to the
security staff, e.g. by a resident in the case of a residential
building.
|
|
|
|
|
|
|
|
|
|
|
“Be SMART
Online” Thematic Website
A one-stop portal to
provide useful information and tips to protect personal data on
computer and to reduce the risks of online privacy
breach.
|
Online Assessment Tool
– Hotel
Learn how to
protect your guests' and your personal data in your daily-life
situation and at work.
|
Case Notes
An archive of outcomes of selected appeals,
complaints and enquiries that illustrate the interpretation and
application of the provisions of the Ordinance.
|
|
|
|
|
|
|
For enquiry, please contact us.
Address: 12/F, Sunlight Tower, 248 Queen's Road East, Wan Chai,
Hong
Kong
Tel: (852) 2877 7171
You are receiving our e-Newsletters because you are a
current member of the DPOC and it is one of the membership
privileges that we provide. If you do not wish to receive them,
please click here to unsubscribe.
|
|
|
|
