The Privacy Commissioner for Personal Data
The Office of The Privacy Commissioner for Personal Data is headed
by the Privacy Commissioner of Personal Data who is appointed by the
Chief Executive. His duties and powers include:
(1) promoting the awareness and understanding of the Ordinance's requirements;
(2) approving and issuing codes of practice giving practical guidance
on compliance with the Ordinance;
(3) approving requests from data users on automated matching of
personal data;
(4) specifying classes of data users required to submit annual returns
and to compile a register of data users for public inspection;
(5) inspection of personal data systems and making recommendations
for compliance with provisions of the Ordinance; and
(6) investigation of suspected breaches of the Ordinance's requirements
and issuing enforcement notices to data users as appropriate.
Data Protection Principles
Principle 1 -- Purpose and manner of collection
This provides for the lawful and fair collection of personal data and sets out
the information a data user must give to a data subject when collecting
personal data from that subject.
Principle 2 -- Accuracy and duration of retention
This provides that personal data should be accurate, up-to-date and
kept no longer than necessary.
Principle 3 -- Use of personal data
This provides that, unless the data subject gives consent otherwise,
personal data should be used for the purposes for which they were
collected or a directly related purpose.
Principle 4 -- Security of personal data
This requires appropriate security measures to be applied to personal
data (including data in a form in which access to or processing of
the data is not practicable).
Principle 5 -- Information to be generally available
This provides for openness by data users about the kinds of personal
data they hold and the main purposes for which personal data are used.
Principle 6 -- Access to personal data
This provides for data subjects to have rights of access to and
correction of their personal data.
Exemptions
The Ordinance provides specific exemptions from the requirements
of the Ordinance. They include:
(1) a broad exemption from the provisions of the Ordinance for personal
data held for domestic or recreational purposes;
(2) exemptions from the requirements on subject access for certain
employment related personal data; and
(3) exemptions from the subject access and use limitation requirements
of the Ordinance where their application is likely to prejudice
certain competing public or social interests, such as: security,
defence and international relations; prevention or detection of
crime; assessment or collection of any tax or duty; news activities;
and health.
Offences
There are a variety of offences. For example, non-compliance with
an enforcement notice served by the Privacy Commissioner carries
a penalty of a fine at Level 5 (at present $25,001 to $50,000) and
imprisonment for 2 years.