PCPD News

私隱專員公署通訊

•

Issue no. 29

8

PCPD in Action

公署動態

Case in Brief

個案摘要

Data Protection in Property Management

物業管理的資料保障

COVER STORY

專題報道

Mark Your Diary

活動日誌

Resources Updates

資源快訊

Statistics

統計

Glossary

詞彙

Technology Updates

科技新知

Ms Bojana Bellamy

英國

Hunton & Williams

資訊政策領導中心主席

President, Centre for

Information Policy Leadership at

Hunton & Williams, UK

鄭衛賓先生

Mr Chris Cheng

香港電訊集團高級法律顧問

Senior Group Legal Adviser

HKT Group, Hong Kong

Ms Karinna Neumann

加拿大

Nymity

認可

私隱保障專業人員

Certified Privacy Professional

Nymity, Canada

全球各地保障個人資料私隱的法例不斷發展，科技的演進和全球化，再加上電子數據為本的新

經濟體系盛行，個人資料和私隱保障的法規和符規要求也相應出現新的模式。新模式不再單純

以法律常規為依歸，而是著眼於機構在收集、使用和分享資料時的問責性。具問責性和負責任

的個人資料私隱管理系統，已成為企業管理不可或缺的一環，對營商無往而不利，有助增加競

爭優勢。

The proliferation of data privacy laws across the globe, the transformation and globalisation of

technology, and the rise of a digital, data-based economy call for a new approach to data privacy

regulation and compliance – one that is based not solely on legal norms, but on the accountability

of organisations that collect, use and share data. The accountable and responsible management of

data and privacy has become an integral part of corporate governance, a business enabler and a

competitive differentiator.

電訊業已邁進以客本的紀元，資料使用者與規管者和資料當事人保持溝通對話是十分重要的。

香港電訊在符規方面的標準，有兩項基本要求：公平和透明度。在透明度方面，職員應按「有需

要知道」的原則查取客戶的個人資料；機構應在儘早的階段告知客戶他們所提供的資料的用途，

這樣才可以讓客戶真正明白和同意個人資料的使用。藉著參與私隱管理系統，我們向公眾傳達

出的訊息是香港電訊時刻遵從法律，和公平地使用顧客的資料。

The telecommunications industry has moved into a “customer-centric” universe. Dialogue amongst

regulators, data users and data subjects is of growing importance.

The standard of our compliance has always been based on two basic requirements: fairness and

transparency. Regarding fairness, staff can access customer data only on a need-to-know basis,

and regarding transparency, customers are informed about the use of their data at the earliest

convenience, and they must genuinely consent to the use of their personal data. By implementing

and following a PMP, we are sending a message to the public that HKT is a fair, law-abiding user

of our customers’ personal data.

私隱管理系統的基本組件是問責性，而達致問責性，機構須具備多項關鍵的條件，包括維繫一

個有效私隱保障制度的責任，在處理個人資料過程中推行有利私隱保障的活動；機構內需要有

視私隱管理系統為己任的人，對私隱管理活動的統籌和監督瞭如指掌的人。機構亦要需要在私

隱管理活動完成後加以紀錄。

在這實行問責制度的框架之下，機構應首先訂立私隱管理活動作基準，然後規劃所需要的措施，

根據已界定的範圍、業務個案、時序和資源把活動付諸實行。機構可參閱

Nymity

出版的書籍

Practical Guide to Building Accountability through an Effective Privacy Programme

。

The fundamental component for an effective privacy programme in an organisation is accountability.

The key elements of accountability include responsibility for maintaining an effective privacy

programme and activities that have a positive impact on the processing of personal data; ownership,

in terms of individuals answerable for the management and monitoring of privacy management

activities); and evidence of the completion of privacy management activities.

Under the framework for implementing accountability, organisations should, in the first place, set

up a baseline for privacy management activities; plan which measures should be implemented in

a privacy programme; and put the activities into place according to a determined scope, business

situation, sequence and resources.

Organisations may refer to the Nymity publication Practical Guide to Building Accountability through

an Effective Privacy Programme for more information.