Property management bodies: collection of identity card numbers of residents applying for electronic entrance cards giving access to the building viewed as excessive collection - DPP1(1) and the Code of Practice on the Identity Card Number and Other Personal identifiers.
The Complaint
A property management company in a private housing estate introduced a "Door Access Card" system. Once the electronic readers had been installed residents needed to use a door access card or door key to enter the building. Those residents who wished to apply for the door access cards were required to register their names, telephone numbers and Hong Kong Identity Card numbers with the management company for record purposes. One resident of the housing estate objected to the collection of his identity card number and lodged a complaint with the PCPD.
The management company explained to the PCPD that the door access cards might fall into the wrong hands. If that occurred the identity card number would permit the identification of the resident in the event that the access card were misused e.g. for criminal purposes. In the event of claims being made against the management company i.e. redress sought by a victim of some criminal wrongdoing, the management company could seek indemnity from the cardholder concerned. The collection of identity card numbers was intended to prevent any harm to residents and to safeguard against damage or loss on the part of the management company. As such, these purposes were permitted under paragraphs 2.3.3.2 and 2.3.3.3 of the Code of Practice on the Identity Card Number and other Personal Identifiers ("the PI Code"). The management company also stated that collection was necessary for the purposes set out in section 58(1)(a) and (d) of the Ordinance, i.e. the prevention or detection of crime and the prevention, preclusion or remedying of unlawful conduct, which satisfied paragraph 2.3.2.2 of the PI Code.
Findings of the Privacy Commissioner
The existence and extent of loss or damage contemplated by the management company was held by the Privacy Commissioner to be something that should be realistically justified. Paragraph 2.3 of the PI Code was not intended to be invoked as an excuse for general application. Paragraph 2.3 is designed to provide specific exceptions to the general prohibition placed upon the collection of identity card numbers. In this particular case, it would be possible for the management company to identify or trace the responsible cardholder through the flat owner who originally agreed to the issuance of the access card in question or, where appropriate, take legal action against the flat owner. While acknowledging that an identity card number is an important item of personal data, the Privacy Commissioner considered it unnecessary and excessive to collect the identity card numbers of all residents in the estate simply because of the installation of a door access card system.
Action by the Privacy Commissioner
An enforcement notice was served on the management company and, as directed, the company ceased collection and destroyed those records containing the identity card numbers of residents.