The following paragraphs seek to give practical effect to the Personal Data Collection Limitation Principle (Data Protection Principle 1):
3.1 | Unless authorized by law, no data user may compulsorily require an individual to furnish a copy of his identity card. | ||
3.2 | A data user should not collect a copy of an identity card except: | ||
3.2.1 | A data user should not collect a copy of an identity card except: | ||
3.2.1.1 | for any of the purposes mentioned in section 57(1) of the Ordinance (safeguarding security, defence or international relations in respect of Hong Kong); or | ||
3.2.1.2 | for any of the purposes mentioned in section 58(1) of the Ordinance (the prevention or detection of crime, the apprehension, prosecution or detention of offenders, the assessment or collection of any tax or duty, etc.); | ||
Note: | The above-mentioned purposes include the prevention, preclusion or remedying of unlawful or seriously improper conduct, or dishonesty or malpractice, by person (section 58(1)(d) refers). This paragraph would therefore include the collection from an individual of a copy of his identity card for the prevention or detection of any collusion between the individual and the staff member of the data user handling his case, in a transaction which offers a substantial opportunity for corruption to arise, for example, the processing of an application for public housing. It would also include the collection from an individual of a copy of his identity card for the prevention or detection of impersonation by such individual using a forged, lost or stolen identity card, in a transaction where such risk is not remote, for example, in the | ||
or |