|
|
PCPD News provides guidance on good data protection practices to organizations. |
|
|
|
|
Subscribe Now!! |
|
|
|
Privacy News (on-line version) |
|
(Newsletter of the Office of the Privacy Commissioner for Personal Data, Hong Kong) |
|
August 2011 Issue No.25 |
|
|
Investigation Reports/ Inspection Report/ Conviction
Cases |
|
Investigation Reports
On 20 June 2011, the PCPD published four investigation reports on contravention of the Data Protection Principles ("DPPs") of the Personal Data (Privacy) Ordinance ("the Ordinance") related to collection and use of customers' personal data by four banks (Citibank, Fubon Bank, ICBC and Wing Hang Bank). In addition, the PCPD published an investigation report on "Inland Revenue Department Failed to Take All Reasonably Practicable Steps to Ensure the Accuracy of a Taxpayer's Address".
Summary of Contraventions of the Ordinance by Four Banks
|
Bank |
Wrongs |
Remedial Actions by the Banks /Recommendations by PCPD |
Relevant Provisions of the Ordinance |
Citibank
Fubon Bank
ICBC |
Information Collection Statement" ("PICS") was printed in unreasonably small prints. |
The Bank would amend the PICS to ensure that it is easily readable to individuals with normal eyesight. |
Data Protection Principle 1(3) |
|
Citibank |
Collection of the complainant's personal data took place in an on-street promotional activity in a winter evening, and it was difficult for the complainant to carefully read, consider and understand the cautionary note, declaration and terms in the application documents and the privacy policy statement. |
PCPD recommended that banks should provide appropriate and practicable assistance to their customers to help them understand the PICS, taking into account the circumstances of the promotional activity. |
Data Protection Principle 1(3) |
Citibank
Fubon Bank
ICBC |
The PICS did not specify the classes of transferees of personal data. |
The Bank would amend the PICS to specify the classes of transferees of personal data. |
Data Protection Principle 1(3) |
Citibank
Fubon Bank
ICBC |
The disclosure of customers' personal data by the Bank to an insurance company for monetary gain was not within the purpose of use stated in the PICS. |
The Bank undertook that in the event that the personal data of existing customers would be shared with any business partners under any joint marketing program for monetary gain, prior prescribed consent to such use must be obtained from the existing customers. |
Data Protection Principle 3 |
|
Wing Hang Bank |
Disclosure of the complainant's personal data to an insurance company not within the Bank's group for marketing purpose was outside the purpose of use stated in the PICS. |
The Bank had ceased disclosing its existing customers' personal data to companies not within the Bank's group for marketing purpose unless prescribed consent has been obtained from customers. |
Data Protection Principle 3 |
|
ICBC |
The Bank failed to comply with the direct marketing opt-out request made by the complainant, causing the complainant's personal data being repeatedly used for direct marketing. |
The Bank undertook to formulate a written policy/guideline to ensure compliance with customers' direct marketing opt-out requests, and to take all reasonably practicable steps (such as appropriate training, guidance and disciplinary actions) to ensure that its staff would comply with the policy/guideline. |
Section 34 of the Ordinance |
The Commissioner's Recommendations
|
1. |
Enterprises need to have a corporate-wide privacy strategy. They have to communicate to the customers the purpose of collection of their data and respect the customer's right of self-determination over the use of the data. |
|
2. |
Whilst the banks generally meet the legal requirements in the collection and use of customers' data for direct marketing, they are less forthcoming in following the good privacy practices recommended in the Guidance Note.
The Commissioner hopes that the banks could take a more proactive customer-centric and privacy-friendly approach in heeding the recommendations of the "Guidance on the Collection and Use of Personal Data in Direct Marketing" ("the Guidance Note"), instead of getting complacent in meeting the minimum requirements under the existing Ordinance. In return, they should enjoy an enhanced customer trust and loyalty, thus creating a win-win for both the customers and themselves.
|
|
3. |
The ICBC's case of mishandling the customer's opt-out request highlights the difficulties that consumers in Hong Kong face in opting out of direct marketing approaches under section 34 of the Ordinance, namely,
(a) they can only opt out after the approach has been made;
(b) they have to exercise the option against each and every direct marketing company after the approach has been made; and
(c) they have to rely on the direct marketers to honour their unsubscribe requests.
To address these problems, PCPD has been advocating the setting up of a central "Do-not-call" register for consumers to opt out of all unwanted person-to-person telemarketing calls at the outset. The Commissioner hopes that the Government will seriously and promptly pursue the proposal, in an effort to strengthen regulation to prevent or reduce misuse of personal data for direct marketing.
|
|
4. |
The irregularities identified in the ICBC's mishandling of the customer's opt-out request and the IRD's failure to maintain accuracy of the tax-payer's correspondence address share one common feature. They underline the fact that standard operational procedures and guidelines alone will not guarantee compliance with the requirements under the Ordinance. It is important that the staff share work norms which emphasize such compliance. The Commissioner hopes that enterprises will be inspired to proactively build a corporate culture which embraces customer-centricity, privacy and data protection. It is incumbent upon the top management to take the lead to inculcate the staff with these values through effective communication and due reinforcement. |
 |
The Privacy Commissioner Mr. Allan Chiang (centre) held a press conference on 20 July 2011 to publish 5 investigation reports. |
 |
Meanwhile, the PCPD has taken the initiative to undertake checks on the credit card application forms of 10 local banks selected to ascertain compliance with the "Guidance on the Collection and Use of Personal Data in Direct Marketing" published by the PCPD.
Results of Compliance Checks on 10 Selected Banks
|
Guidance Note requirement / recommendation |
Overview |
|
1. |
Are customers informed of the purpose of use of their data and the class of data transferees in clear terms so that customers could ascertain with a reasonable degree of certainty how their data could be used and who could use them? |
Generally meet the requirements stipulated in the Guidance Note |
|
2. |
Is the font size of the Personal Information Collection Statement ("PICS") too small? |
Generally readable |
|
3. |
Is a separate check box provided in the credit card application form or PICS for customers to exercise their right to opt-out from direct marketing of unrelated products/services? |
Only 4 banks followed the recommendation of the Guidance Note to provide a separate check box |
|
4. |
Is a separate check box provided in the credit card application form or PICS for customers to opt-out from sales of his personal data to third parties for monetary gain? |
All the banks did not follow this recommendation |
|
5. |
Have convenient channels been provided to customers for enquiry of their personal data? |
Only 5 banks provided hotlines for customers to enquire about their personal data, while the remaining 5 banks provided only an address and a fax number. |
Report on the Inspection of the Personal Data System of TransUnion Limited
On 15 March 2011, the Privacy Commissioner for Personal Data ("the Commissioner"), Mr. Allan Chiang published his report ("the Report") on the inspection ("the Inspection") of the personal data system of TransUnion Limited ("TransUnion") which was carried out under section 36 of the Ordinance.
TransUnion is a major credit reference agency in Hong Kong maintaining credit records of about 4.3 million individuals. Given the sensitive nature of consumers credit data and the serious adverse impact it may have on individual consumers if these data are mishandled, the Commissioner conducted the Inspection in 2010 to ascertain that the data processing cycle of the personal data system of TransUnion complies with the six Data Protection Principles and the Code of Practice on Consumer Credit Data.
The Inspection revealed that TransUnion has in place comprehensive and detailed policies, guidelines and procedures on the proper handling of consumer credit data, and no major data security issues were found. However, there was room for improvement and the Commissioner made 20 recommendations for TransUnion to enhance its system of control in the areas of data collection, accuracy, retention, security and access, as well as IT security audit.
|
|
|
Conviction Cases |
|
In February and March 2011, two companies were convicted of breaching section 34 (1)(ii) of the Personal Data (Privacy) Ordinance ("the Ordinance"), which requires data users to cease further contact with the individual if the individual chooses to opt-out from direct marketing activities.
|
|
 A telemarketing company was found guilty to the charge under sections 34(1) of the Ordinance for using a complainant's personal data (name and telephone number) for direct marketing purpose, and was fined a total of $5,000 ($2,500 for each summon) on 9 February 2011 at Tsuen Wan Magistrates' Courts.
In this conviction case, the complainant had requested the telemarketing company not to contact her for the purpose of direct marketing. However, the telemarketing company continued to contact her despite her opt-out request. Under section 34(1)(ii), a data user should stop contacting the individual who has made an opt-out request. Contravention of section 34 of the Ordinance is an offence under section 64(10) of the Ordinance.
|
|
 A beauty salon company (the Company) was convicted of breaching section 34(1) (b) of the Ordinance and was fined $1,000 on 24 March 2011 at Kowloon City Magistrates' Courts. The complainant had been receiving direct marketing telephone calls from the Company since June 2009. In mid March 2010, the complainant made opt-out requests to the Company over the phone and in person. However, the Company continued to make marketing calls to her despite her opt-out requests. After investigation, the Company was charged with an offence under section 34 of the Ordinance, which requires data users to cease contacting with the individual if the individual chooses to opt-out.
|
|
These are good lessons for organizations to rethink about the importance of respecting customers' personal data privacy. Failure to comply with customer's opt-out request may result in conviction, which, in return, may damage an organization's reputation.
|
|
|
|
|
|
Privacy Awareness Week 2011
|
|
|
 |
|
Privacy Awareness Week 2011
From 1 to 7 May 2011, the fifth Privacy Awareness Week (PAW) was jointly held by the Office of the Privacy Commissioner for Personal Data (PCPD) and members of the Asia Pacific Privacy Authorities (APPA). PAW is an annual international event aimed at raising awareness of the importance of protecting privacy in Asia Pacific.
|
Privacy Protection Student Ambassador Programme
 During PAW 2011 in Hong Kong, the PCPD disseminated messages relating to the protection of personal data privacy to young people through a series of informative and interactive activities. Young people were reminded to protect their personal data when engaging in online activities, especially while using social networking websites. The main activity was the Privacy Protection Student Ambassador Programme in which young people took up the role of promoting and conveying messages relating to the protection of personal data privacy to their peers. This Programme was also designed for the course of Other Learning Experience (OLE) under the New Senior Secondary curriculum. During the preparatory stage from March to April, the Student Ambassadors participated in courses organized by the PCPD, including seminars and workshops, to learn about privacy rights, promotion skills and production techniques (graphic design and short video production). During PAW 2011, the Student Ambassadors exercised their creativity and adopted various communication means, such as short videos, drama, broadcasts, posters and surveys, to publicize the notion of having to protect personal data privacy in their respective schools. The Programme was a success. Over 700 students from 31 secondary schools participated in the Programme. Moreover, a pamphlet was published to provide young people with tips on personal data protection on the Internet, especially when using social networking websites), as well as during the use of mobile phones.
 Online Survey of "Social Media and Privacy" / Animation
Members of the APPA participating in the event this year included Australia, Canada, Hong Kong, Mexico, New Zealand and South Korea. The PCPD undertook an online survey in conjunction with members of the APPA on the general public's experience with privacy and social networking, e.g. how they used social networking websites; whether they adopted online security measures, etc. The second part of the survey provided some privacy protection tips for social networking users (See page 9 of this newsletter). The survey was conducted from 1 to 31 May and the result will be announced later.
Moreover, the PCPD and members of the APPA had jointly produced an animation to remind people to be careful when uploading personal data to social networking websites. The animation is available at the PAW website (www.privacyawarenessweek.org).
|
|
|
|
|
Between March and April 2011, the PCPD invited Mr. Joe Lam, CEO of HKGolden Forum (01); Mr. Mak Cheung Ching, a renowned artiste (02); Mr. Lee Lik Chee, a famous film director (03); and Ms. Maxim Tang, a professional graphic designer (04) to teach students how to set up exhibition and notice board displays, design promotional leaflets and make short videos. |
|
|
 |
|
|
|
Snapshots of promotional activities organized by Privacy Protection Student Ambassadors. |
|
|
|
Inaugural Ceremony of PAW 2011
The inaugural ceremony of PAW 2011 was held on 2 May. The PCPD invited Mr. Stephen Lam, Secretary for Constitutional and Mainland Affairs; and Mr. Bunny Chan, Chairman of the Commission on Youth, as the officiating guests to launch the event and to preside over the oath-taking ceremony of Privacy Protection Student Ambassadors who pledged to publicize the notion of protecting personal data privacy in their respective schools.
|
 (from left): Privacy Commissioner for Personal Data, Allan Chiang; Chairman of the Commission on Youth, Bunny Chan, and Secretary for Constitutional and Mainland Affairs, Stephen Lam, officiated at the inaugural ceremony of PAW 2011. |
|
|
 (second row, fifth from left) Acting Deputy Privacy Commissioner for Personal Data, Brenda Kwok; Chairman of the Commission on Youth, Bunny Chan; Member of Personal Data (Privacy) Advisory Committee, Shirley Ha; Privacy Commissioner for Personal Data, Allan Chiang; Secretary for Constitutional and Mainland Affairs, Stephen Lam; and Member of Personal Data (Privacy) Advisory Committee, Edwin Tam took photos with "Privacy Protection Student Ambassadors" at the inaugural ceremony of PAW 2011. |
|
|
 |
|
|
|
Drama performance by Privacy Protection Student Ambassadors. |
|
|
|
Other Activities
The PCPD ran a program with the Hong Kong Federation of Youth Group (HKFYG), "uChannel – A Dialogue between the Privacy Commissioner and the Young People" in which the Privacy Commissioner shared with young people his thoughts on how to protect personal data in their daily lives. The program was broadcast live on HKFYG's website. The PCPD also organized two public seminars which attracted about 100 attendees. The first one, "How to Guide Students on the Proper Use of the Internet", was designed for teachers to help raise their students' awareness of the need to protect personal data when carrying out online activities. The second seminar, "How can Business Corporations Protect Personal Data", was targeted at business executives.
|
|
|
The Privacy Commissioner shared with young people his thoughts on how to protect personal data in their daily lives.
|
|
|
Asia Pacific Privacy Authorities tips for safe social networking: |
|
|
|
|
(1) |
Know the privacy policy and settings of the social networking sites you use |
|
(2) |
Think about the information you share and how it's being used, e.g. what might a future employer or partner think if they read it? |
|
(3) |
Remember, the Internet lets your information be collected and shared easily. The harmless information you post could be added to the mix, creating a full profile about you. Who might see it? |
|
(4) |
Sharing information with just a few people doesn't stop it reaching a wider audience; be aware who might pass things on |
|
(5) |
Before you post and tag pictures of someone else, ask for their consent - and request that they do the same to you |
|
(6) |
Set up 'friend' groups to control the access different people in your life have to your personal details |
|
(7) |
Don't accept friend requests from people you don't know |
|
(8) |
Location based check-ins can be risky. Do you really want everyone to know that no one's home? |
|
|
|
|
|
 News from the PCPD |
|
Report on Further Public Discussions on Review of the Personal Data (Privacy) Ordinance
On 18 October 2010, the Government published the "Report on Public Consultation on Review of the Personal Data (Privacy) Ordinance" and launched further public discussions on the legislative proposals to strengthen personal data privacy protection under the Personal Data (Privacy) Ordinance. The Commissioner and his staff attended a total of 41 public forums and meetings with interested parties during the two-month consultation period.
|
 |
|
 |
|
|
|
|
The PCPD carried out target survey and online-survey respectively to solicit public and stakeholders' views on its original proposals which the Administration has indicated not to pursue further.
The target survey was carried out on 3 and 13 December 2010. The PCPD sent out to 95 targeted respondents a questionnaire and 43 replies were received. The online survey was carried out from 8 to 28 December 2010 and over 1,200 responses were received.
|
|
|
Figure 1:
Opinion on the proposal to set up a territorial-wide "Do-not-call" Register
|
|
Respondents (Target survey): 43; Respondents (On-line survey): 1,210
*Includes 292 responses from one call centre
|
|
|
Figure 2:
Opinion on the proposal to afford a higher protection to sensitive personal data
|
|
Respondents (Target survey): 43; Respondents (On-line survey): 1,208
*Includes 293 responses from one call centre
|
|
|
Figure 3:
Opinion on the proposal to empower the PCPD to award compensation to aggrieved data subjects
|
|
Respondents (Target survey): 43; Respondents (On-line survey): 1,207
*Includes 292 responses from one call centre
|
|
|
Figure 4:
Opinion on the proposal to empower the PCPD to impose monetary penalty on serious contravention of data protection principles
|
|
Respondents (Target survey): 43; Respondents (On-line survey): 1,214
*Includes 291 responses from one call centre
|
|
|
|
The Commissioner made a submission to the Administration in response to the "Report on Public Consultation on Review of the Personal Data (Privacy) Ordinance".
|
|
|
|
|
|
On 18 April 2011, the Government published the "Report on Further Public Discussions on Review of the Personal Data (Privacy) Ordinance" (further public discussions report) setting out the legislative proposals aimed at strengthening personal data privacy protection. The further public discussions report reaffirms that the Administration will pursue the majority of the proposals previously made by the PCPD. The Commissioner made a submission to the Administration and the Legislative Council's Panel on Constitutional Affairs in response to the further public discussions report on 31 May 2011. It is hoped the PCPD's submission will be duly considered by the Administration and the Legislature so that the amendment bill to the Personal Data (Privacy) Ordinance best meet the public aspirations for protecting personal data privacy.
 Amendments to the Code of Practice on Consumer Credit Data: The Sharing of Mortgage Data for Credit Assessment
The PCPD in January-February 2011 conducted a public consultation in response to the proposal made by the financial services industry ("the Industry") to share more comprehensive consumer credit data through the use of a central credit database operated by a credit reference agency (CRA). Hitherto, credit providers were already sharing negative mortgage data for residential properties. Under the proposal, positive mortgage data for residential properties, as well as both positive and negative mortgage data for non-residential properties (collectively the "Additional Mortgage Data"), would be additionally shared.
The proposal, which has the support of the Hong Kong Monetary Authority (HKMA), is aimed at facilitating comprehensive credit assessment of consumers, thereby promoting responsible lending and borrowing and reducing the risk of over-borrowing by consumers. The HKMA has the view that the expanded sharing of mortgage data is necessary for the maintenance of banking and financial stability in Hong Kong in the longer term. The HKMA emphasized that responsible borrowing and lending would mitigate the risk of possible property bubble forming and subsequent bursting.
 During the consultation process, the PCPD collected many views expressed by members of the public, Legislative Councilors, District Councilors, political party, academics, members of the legal profession, public organizations, private organizations, professional bodies and associations representing various trades and industries. In particular, the PCPD received 56 written submissions and solicited the views of 877 individuals through a structured questionnaire interview.
Having duly considered the diverse views received, the Commissioner was convinced that the Industry proposal would lead to responsible borrowing and lending. In turn this would be albeit to some extent only, conductive to stabilizing of the property market and the banking system. He noted that this conclusion was in line with the general perception held by the public.
Accordingly, the Commissioner revised the Code of Practice on Consumer Credit Data on 1 April 2011 to allow for the sharing of the Additional Mortgage Data. The new regulatory regime has the following features:
(a) As far as positive mortgage data is concerned, sharing is restricted to the Mortgage Count only (i.e. the number of mortgage loans held by an individual as borrower, mortgagor or guarantor).
(b) Sharing of pre-existing mortgage data is permissible for negative data but not for positive data, unless explicit and voluntary consent is obtained from the customers.
(c) Sharing of positive mortgage data is restricted to new mortgage loan applications and review of existing mortgage loans only. Sharing of such data for credit assessment of non-mortgage related credit facilities is allowed if the amount of credit facility exceeds a certain threshold to be proposed by the Industry at a later stage.
(d) Access to the Additional Mortgage Data is allowed for general portfolio reviews of consumers' credit worthiness after a 24-month transitional period has lapsed.
(e) Additional privacy safeguards have been imposed upon the CRA and the credit providers commensurate with an enlarged credit database and greater sharing and use of mortgage data.
To facilitate understanding of these issues, the PCPD published a Fact Sheet titled "Understanding the Code of Practice on Consumer Credit Data: Common Questions on the Sharing of Mortgage Data for Credit Assessment Purpose".
|
 |
|
|
|
The Privacy Commissioner Mr. Allan Chiang (centre) held a press conference on 21 March 2011 to release of the report on public consultations on some proposed revisions to the Code of Practice on Consumer Credit Data. |
|
|
|
PCPD launches a new series of business and community education programmes
 PCPD rolled out a series of new business and community education programmes with a view to promoting awareness and understanding of, as well as compliance with, the requirements under the Personal Data (Privacy) Ordinance ("the Ordinance").
In the area of business education, PCPD has taken the initiative to promote compliance with the provisions of the Ordinance by launching a series of professional compliance workshops. The workshops, by offering a thorough grounding of the applications and interpretations of the Ordinance, are tailored to the needs of executives dealing with personal data in different work contexts, including data protection officers, human resource managers, solicitors, compliance officers, IT managers and company secretaries. The initiative has the support of 25 professional organizations and trade associations, and over 850 people in total attended the 25 workshops that took place between April and June 2011.
|
|
|
|
|
|
In the area of community education, seminars on the theme "Protection of Personal Data Privacy – Proper Use of Technology in Daily Life" have been conducted since March 2011 to educate the public on data protection in the context of the use of the Internet and advanced communications products, including social networking. |
|
|
 |
|
|
|
Mr. Joe Lam, CEO of HK Golden.com, Chairman of Online Service Providers Alliance and Council Member of iProaA (left), Mr. Emil Chan, Chairman of the Hong Kong IBM Users Group and Council Member of iProA (middle) and Mr. Peter Koo, Publicity & PR Director (China/HK) of ISACA (China Hong Kong Chapter), Asian Advisory Board Member of (ISC)2, Partner of Enterprise Risk Services of Deloitte Touche Tohmatsu (right) educated the public on data protection in the use of Internet and advanced communications products. |
|
|
|
To cater to increasing demand, the frequency of free introductory seminars organized by PCPD has increased since February 2011 from once per month to three times per month. The seminars are designed to raise the public's awareness and understanding of the Personal Data (Privacy) Ordinance. |
|
|
|
|
|
Education & Careers Expo 2011
To convey the relevant messages on the protection of personal data privacy to youngsters and job seekers, the PCPD participated in the "Education & Careers Expo 2011" organized by the Hong Kong Trade Development Council from 17 to 20 February, with the booth attracting some 3,500 visitors. Job seekers were specially reminded not to provide excessive personal data at the recruitment stage and not to give their personal data to "blind advertisement" advertisers.
Staff of the PCPD also delivered a talk on the protection of job seekers' personal data privacy during the Expo and provided answers to questions related to personal data privacy.
|
|
|
 |
|
|
|
|
|
|
Consumer Roadshow on Protection of Personal Data 2011
To educate the general public about the importance of personal data privacy, the PCPD staged a series of consumer roadshows at shopping malls over weekends in February and March 2011.
Informative materials and short videos were displayed to illustrate individuals' privacy rights under the Personal Data (Privacy) Ordinance and provide practical tips about data protection in daily life. PCPD staff also provided on-the-spot answers to visitors' questions.
The consumer roadshows, which attracted over 10,000 visitors, were held at six shopping centres across the territory, namely Hing Wah Shopping Centre, Tin Yiu Shopping Centre, Cityplaza, Dragon Centre, Kai Tin Shopping Centre and Olympian City.
|
PCPD Staff Promotion
From left: Mr. D. F. Lo (Personal Data Officer), Ms. Maggie Lo (Senior Personal Data Officer), and Mr. Brad Kwok (Personal Data Officer)
|
|
|
|
|
 Speaking Engagements |
To promote the awareness and understanding of, and compliance with the provisions of the Ordinance, the Commissioner and his colleagues participated as guest speakers in seminars organized by the following organizations:
|
|
|
|
On 7 December 2010, Mr. Allen Ting, Chief Personal Data Officer of the PCPD spoke at the Transport Department's Annual Seminar for Engineers 2010 on the topic "Compliance with Personal Data (Privacy) Ordinance at Work".
 On 14 December 2010, Privacy Commissioner Mr. Allan Chiang delivered a talk on the topic of "Data Privacy and Management Responsibility" organized by Chartered Management Institute (Hong Kong Branch).
 On 11 January 2011, Privacy Commissioner Mr. Allan Chiang gave a luncheon talk on "Doing Business and Respecting Privacy: the Case of Sharing of Mortgage Data for Credit Assessment" organized by Lions Club of South Kowloon.
 On 20 January 2011, Privacy Commissioner Mr. Allan Chiang gave a talk to the "Customer Care & Responsibility Forum 2011 - Building & Sustaining Customer Trust: Opportunities & Challenges" organized by the Hong Kong Council of Social Service.
From left: Ms. Daisy Chow, Chief Operation Officer, Intimex Business Solutions Company Ltd.; Mr. Raymond Fung, Vice President, Business Imaging Solution division of Canon Hongkong Co., Ltd; Mr. Allan Chiang, Privacy Commissioner; Ms. Connie Lau, Chief Executive, Hong Kong Consumer Council, and Mr. Buston Chu, Vice-Chairman of Hong Kong Association for Customer Service Excellence and General Manager, Corporate Communications & Marketing Division of Dah Chong Hong Holdings.
 On 24 February 2011, Privacy Commissioner Mr. Allan Chiang gave a luncheon talk to the Rotary Club of Hong Kong Harbour on the topic "Sharing of Mortgage Data for Credit Assessment".
 On 8 April 2011, Privacy Commissioner Mr. Allan Chiang delivered a talk on "Use (or Misuse?) of Personal Data in Telecommunications" organized by the Communications Association of Hong Kong.
 On 15 April 2011, Mr. Henry Chang, Information Technology Advisor of the PCPD, delivered a speech titled "Personal Data Protection in the Cloud" at a conference organized by Business Software Alliance.
 On 18 April 2011, Privacy Commissioner Mr. Allan Chiang delivered a talk on "Expanding Sharing of Consumer Credit Data: Where Do You Draw the Line?" organized by the Foreign Correspondents' Club.
 On 25 May 2011, Mr. Allen Ting, Chief Personal Data Officer of the PCPD, delivered a talk on the protection of personal data privacy to staff members of the Consumer Council during its all-staff meeting on 25 May 2011. Photo shows Mr. Ting and Ms. Connie Lau, Chief Executive Officer of Consumer Council, at the meeting.
 On 10 June 2011, Privacy Commissioner Mr. Allan Chiang gave a keynote speech at the 43rd Distinguished Salesperson Award Presentation Ceremony organized by the Hong Kong Management Association and Sales and Marketing Executives Club.
|
|
|
|
|
|
 |
Protection of personal data - Proper Use of Technology in Daily Life |
|
|
How to protect personal data from being excavated on the Internet
In the past, "human flesh search" was conducted only by enforcement authorities as a way of obtaining background information of suspects. Before the mid-90's, the search was only confined to traditional media. However, with the widespread use of personal computers and the Internet since the early 2000s, the culture of "human flesh search" have become prevalent in the discussion forums of social networking sites.
In the anonymous world of the Internet, web users do not know each other. However, a person's location is evident from his IP and email addresses, or he may unknowingly give it away through the use of ICQ and MSN. The popularity of free online albums and video-sharing websites has given rise to another channel through which such information can be leaked.
People who conduct human flesh searches usually use online search engines, social engineering, hacker software and file-sharing software to obtain the personal data of their targets, or they may obtain the information from the targets' friends in discussion forums.
The following tips on how to avoid falling victim to human flesh searches will help you navigate the Internet safely.
Firstly, bear in mind the fact that you tend to leave more fragmented personal data on the Internet than you may be aware of. The data will be there permanently even though you may forget where you had left it. Therefore, you should keep a list of accounts that you create so that you can delete the ones that you are unlikely to use in future.
Secondly, use different account names, email addresses and passwords for different websites. This way, even if a password is stolen, the loss from the data leak can be minimized
Thirdly, try to minimize the amount of personal data uploaded to the Internet. In most cases, the uploading of personal data are done by friends. Therefore, do not allow people whom you do not know well to get access to your personal data easily. For one, it would be safer to restrict your photos in Facebook to specified friends (or groups).
Fourthly, the Internet and social networking sites are in essence publication tools, not communication tools. As the data on the Internet will be kept there permanently, think twice before uploading your personal data.
Last but not least, as a member of a discussion forum, you have the right to express your opinions. However, before giving your views, you should think carefully about whether your opinions could be used as a tool in cyberbullying.
|
|
|
|
|
|
 DPOC News |
|
People are increasingly concerned about the protection of their personal data privacy. If you often handle personal data of your customers or staff during the course of your daily work, you should join our Data Protection Officers' Club (DPOC) which will enable you to receive the latest information on the protection of personal data privacy.
|
|
|
|
|
|
 Statistics on Complaints & Enquiries |
|
Enquiries and Complaints received by the PCPD (1 December 2010 – 30 June 2011)
Number of Enquiry Cases : 10,334
Number of Complaint Cases : 686
|
|
|
|
