28 / 32
PCPD News
私隱專員公署通訊
•
Issue no. 29
28
Mark Your Diary
活動日誌
Resources Updates
資源快訊
Statistics
統計
Glossary
詞彙
私隱影響評估是機構決策過程有用的系
統性評估工具,有助機構充分考慮計劃
或項目對個人資料私隱的影響。
《個人資料(私隱)條例》沒有明確規定
資料使用者必須進行私隱影響評估,但
公署建議機構在推行可能對個人資料
私隱有重大影響的業務項目或計劃前,
應考慮進行私隱影響評估,以審視對個
人資料私隱的影響和識別潛在的私隱問
題,進而在設計階段提供解決方案或措
施,避免或減低不利的影響。私隱影響
評估亦可為日後的循規審查和監控提供
基準。
所謂對個人私隱有重大影響是指涉及處
理或儲存大量個人資料;使用影響廣泛
和私隱侵犯程度高的技術;或機構擬在
措施方面作出重大改變,引致收集、處
理或共用個人資料的數量和範圍擴大。
香港特區政府引入智能身份證之前,曾
四度作私隱影響評估。
私隱評估過程一般包括:
•
個人資料的處理周期分析,涵蓋資料
的收集、保留、準確性、使用(包括
披露和轉移)、保安、政策透明度、
查閱和改正
•
私隱風險分析
•
避免或減低私隱風險
•
評估報告
為免與規管角色有衝突,私隱專員不會
認可或批核私隱影響評估報告。
詳情可參考公署出版的私隱影響評估資
料單張
: www.pcpd.org.hk/chinese/publications/files/PIAleaflet_c.pdf
A Privacy Impact Assessment (“PIA”) is a
systematic risk assessment tool that can
be integrated into the decision-making
process to evaluate the impact of a
proposal on personal data privacy.
Although PIAs are not explicitly provided
for under the Personal Data (Privacy)
Ordinance, the PCPD recommends data
users undertake a PIA before the launch
of any new business initiative or project
that might have a significant impact on
personal data privacy. The objective is
to identify privacy risks so that data users
can use a privacy-by-design approach
and privacy-enhancement measures
at the design stage of a personal data
system, in order to avoid or mitigate any
potential negative impact. A PIA can also
provide a benchmark for future privacy
compliance audits and control.
A P I A s hou l d add r e s s s i gn i f i can t
processing or collection of massive
personal data; the implementation of
privacy intrusive technologies that might
affect a large number of individuals;
or a major change in organisational
practices that may result in expanding
the amount and scope of personal data to
be collected, processed or shared.
For instance, before the HKSAR Governmant
introduced the SMART identity card, four
PIAs were undertaken.
The PIA process should generally include:
• Data processing cycle analysis, covering
collection, accuracy, retention, use
(including disclosure and transfer),
security, policy transparency, access,
and correction of personal data;
• Privacy-risk analysis;
• Measures to avoid or mitigate potential
privacy risks; and
• PIA reporting.
To avoid any potential conflict with its
regulatory role, Privacy Commissioner
neither endorses nor approves the PIA
reports of organisations.
To learn more, please read the PCPD
information leaflet “Privacy Impact
As s e s smen t ”
:
www. pcpd . org . hk /
chinese/publications/files/PIAleaflet_
c.pdf
私隱影響評估
Privacy Impact Assessment
PCPD in Action
公署動態
Case in Brief
個案摘要
Data Protection in Property Management
物業管理的資料保障
COVER STORY
Mark Your Diary
活動日誌
Resources Updates
資源快訊
Statistics
統計
Glossary
詞彙
Technology Updates
科技新知
接獲投訴個案
(
2014
年
1
月至
3
月)
:
394
宗
Number of complaint
cases received
(January – March 2014)
:
394 cases
接獲查詢數目
(
2014
年
1
月至
3
月)
:
4,635
宗
Number of enquiry cases
(January – March 2014)
:
4,635 cases
0
100
200
300
400
500
600
0
3,000
6,000
9,000
12,000
15,000
範疇
TOPIC
範疇
TOPIC
宗
CASE
宗
CASE
查閱資料要求
Data Access
Request
人力資源管理
Human Resources
與互聯網相關
Internet Related
身份證號碼╱
副本及身份識別符
ID card number/copy &
other personal identi ers
直接促銷
Direct Marketing
工作地點監察
Workplace
Surveillance
身份證號碼╱
副本及身份識別符
ID card number/copy &
other personal identi ers
查閱資料要求
Data Access
Request
人力資源管理
Human Resources
直接促銷
Direct Marketing
21
36
37
55
57
2013
144
104
93
178
538
207
478
877
879
1,011
431
1,120
1,986
2,308
13,203
2014 (1-3)
最多投訴範疇
Most Complaint Cases
2013
2014 (1-3)
最多查詢範疇
Most Enquiry Cases
10
2
3
4
500
600
0
3,000
6,000
9,000
12,000
15,000
範疇
TOPIC
範疇
TOPIC
宗
CASE
宗
CASE
查閱資料要求
Data Access
Request
人力資源管理
Human Resources
與互聯網相關
Internet Related
身份證號碼╱
副本及身份識別符
ID card number/copy &
other personal identi ers
直接促銷
Direct Marketing
工作地點監察
Workplace
Surveillance
身份證號碼╱
副本及身份識別符
ID card number/copy &
other personal identi ers
查閱資料要求
Data Access
Request
人力資源管理
Human Resources
直接促銷
Direct Marketing
21
36
37
55
57
2013
144
104
93
178
538
207
478
877
879
1,011
431
1,120
1,986
2,308
13,203
2014 (1-3)
最多投訴範疇
Most Complaint Cases
2013
2014 (1-3)
最多查詢範疇
Most Enquiry Cases