Appendix I
Personal Data (Privacy) Ordinance
Cap. 486
(Schedule 1)
DATA PROTECTION PRINCIPLES
4. Principle 4 - security of personal data
All practicable steps shall be taken to ensure that personal data (including data in a form in which access to or processing of the data is not practicable) held by a data user are protected against unauthorized or accidental access, processing, erasure or other use having particular regard to-
-
the kind of data and the harm that could result if any of those things should occur;
-
the physical location where the data are stored;
-
any security measures incorporated (whether by automated means or otherwise) into any equipment in which the data are stored;
-
any measures taken for ensuring the integrity, prudence and competence of persons having access to the data, and
-
any measures taken for ensuring the secure transmission of the data.
5. Principle 5 - information to be generally available
All practicable steps shall be taken to ensure that a person can-
-
ascertain a data user's policies and practices in relation to personal data;
-
be informed of the kind of personal data held by a data user;
-
be informed of the main purposes for which personal data held by a data user are or are to be used.
6. Principle 6 - access to personal data
A data subject shall be entitled to-
-
ascertain whether a data user holds personal data of which he is the data subject;
-
request access to personal data-
-
within a reasonable time;
-
at a fee, if any, that is not excessive;
-
in a reasonable manner; and
-
in a form that is intelligible;
-
be given reasons if a request referred to in paragraph (b) is refused;
-
object to a refusal referred to in paragraph (c);
-
request the correction of personal data;
-
be given reasons if a request referred to in paragraph (e) is refused, and
-
object to a refusal referred to in paragraph (f).
Previous Page | Next Page