PCPD News • Issue no. 29
operational processes, product and service design, physical architecture and networked infrastructure. At the minimum, the outcome of this holistic approach is a demonstrable capacity to comply with the legal requirements of the Ordinance. When executed well, a PMP is conducive to building trustful relationships with customers or citizens, employees, shareholders and regulators, creating a competitive edge in the industry.”

Conversely, without strong personal data protection, trust may erode to an organisation’s detriment. Personal data breaches can be expensive for organisations – both in terms of “clean up” and reputation repair. Breaches may also prove expensive for the affected individuals.

Given the vast amounts of personal data held by organisations and institutions, the increasing economic value of the data, and the heightened attention and concern regarding privacy breaches, it makes business sense for organisations to take steps to put in place and maintain a PMP to minimise the risks of such breaches, maximise the organisation’s ability to address any underlying problems, and minimise the damage arising from breaches.

Caption: Privacy Commissioner appeals to the Conference participants to make Privacy Management Programmes the buzzword in their organisations in 2014.

Mr Chiang hopes these organisations will fulfill their pledges, thus setting an example of responsible privacy management for other data users to follow.
Backgrounder: DURS vs PMP

Part IV of the Ordinance provides for a Data User Return Scheme (DURS), under which specified organisations are obliged to notify the Commissioner of “prescribed information”, which includes the kinds of personal data they control and the purposes for which the data are held. The Commissioner may create a register of the returns and make it available to the public.

In July 2011, the PCPD consulted the banking, telecommunications, insurance and public sectors (those sectors to be covered in the initial phase of DURS implementation) on the operational framework and implementation plan of the DURS. There was no dispute over the objective of promoting a higher standard in the protection of personal data privacy, but the consultees were considerably sceptical about achieving this objective with the DURS.

At the same time, the PCPD has learned that the European Union (EU) data protection system, upon which Hong Kong’s DURS is modelled, is undergoing reform. Among other things, the EU is considering replacing the notification requirement with new and improved systems which emphasise accountability and transparency in the collection and use of personal data, including the mandatory appointment of a data protection officer in (a) public authorities and bodies, as well as (b) private enterprises that process data of more than 5,000 persons in any consecutive 12 months.

In light of the reform, the PCPD decided to put the project on hold until the reforms in the EU have been finalised and useful lessons can be learnt from the exercise.