9

PCPD News

私隱專員公署通訊

•

Issue no. 29

張耀堂先生

Mr Sunny Cheung

八達通控股有限公司行政總裁

Chief Executive Officer

Octopus Holdings Limited,

Hong Kong

Mr Mikko Niva

芬蘭諾基亞私隱保障總監

Director of Privacy,

Nokia Corporation, Finland

不止於守法，要做對的事。如果你只是做合法的事，你的顧客難免會向你表示不滿，要求你做

得更好。預防勝於治療，遇有疑問，最好是問顧客提供答案。

八達通近年引入了全面的企業管治框架，以回應個人資料、顧客保障和風險評估等方面的挑戰。

保障個人資料私隱是產品及服務開發過程中必須考慮的因素。機構又採用職責劃分和雙重監控

的制度，任何個人資料的提取和銷毁都需要起碼兩名專責人員核准。

機構的首席風險主任本身是管理層的一員，他兼顧個人資料私隱和保障顧客兩方面的工作。每

當大家醞釀和討論新措施，新產品或程序，首席風險主任都會參與，即時探討和評估相關的潛

在私隱風險。

在開發流動應用程式方面，收集個人資料面對的一大挑戰是處理透明度和可讀性兩者之間的予盾。

八達通採用「可免則免」的原則去收集個人資料。以

OctoCheck

程式為例，程式並無收集可識別

個人身份的資料或位置資料；用戶登記時只需提交部分的八達通帳戶資料。另一款獎賞程式亦

沒有收集顧客的身份證明資料；只有在顧客同意的情況下才會收集位置資料，從而為顧客提供

鄰近商舖的定位服務。

We need to do not just enough to satisfy the legal requirements, but what is right. Even ‘legally right’

does not protect a company from dissatisfied customers, as they always demand something more.

Prevention is better than cure; in the case of doubt, it is good to ask your customers.

Octopus has responded to these challenges with an all-round corporate governance framework

addressing the issues of personal data, customer protection and risk assessment. Octopus has

embedded personal data privacy in its product and service development, and has adopted a

programme of segregation of duties and dual control. The extraction and destruction of data require

the approval of at least two designated persons.

The Chief Risk Officer [of the company], who looks after both data privacy and customer protection, is

also a member of the management team. When we talk about new measures, products or procedures,

the Chief Risk Officer is present to identify the potential risks so that we can do a risk assessment on the

spot.

Regarding mobile app development, one of the main challenges is to deal with the paradox of

transparency versus readability in data collection. Octopus has adopted the principle of “always

collect the minimum”. For the OctoCheck app, neither personally identifiable information nor

location data are collected. Only a partial Octopus ID is used for registration. In the case of the

rewards app, no personally identifiable data is collected from customers. Location data is collected

only with the consent of customers for the provision of customer service, by helping them locate the

nearest merchants.

全球科技環境變得愈來愈複雜，臨急抱佛腳式，欠缺協調的措舉難以妥善地保障個人資料私隱。

法規、技術和標準、問責性和倡導保障私隱，才是回應當下這複雜環境的良策。

尊重個人私隱是諾基亞私隱管理系統的核心價值，問責、公平和合法地處理個人資料、採用貫

徹私隱保障的設計、通知和取得當事人的同意、選擇和參與、收集和用途限制、資料管理，披露

資料的限制和保安等等，這些都是機構每位員工恪守的原則。機構不容任何隱瞞式的，沒有監

控或保安措施的或過度的個人資料處理活動。

在評估私隱影響時，單是著眼於產品是不夠的，還要看產品整個生命周期會涉及的個人資料。

換言之，我們要仔細檢視個人資料如何經由用戶經應用程式或流動裝置流向支援的後勤系統，

以及市場推廣、數據分析及廣告代理等第三方。如過程涉及數據流的分拆，資料由多個資料使

用者操控，或個人資料遍佈廣泛的地區，事情就更加複雜。

The global technology environment is getting so complex that it is impossible to get it right through

uncoordinated, ad hoc activities. Regulations, technology, standards, accountability and privacy

engagement are some of the tools organisations can use to deal with the complexity.

At Nokia, respect for individuals’ privacy is at the heart of our privacy management programme.

Everyone observes the principles of accountability; the fair and lawful processing of personal data;

Privacy-by-Design; notice procedures; customer consent, choice and participation; collection and

purpose limitation; responsible data management; limited disclosures; and security safeguards. No

hidden, uncontrolled, excessive or unsecure processing of personal data is allowed.

Regarding privacy impact assessment, it is not enough to look at the product alone, but at the complete

life cycle of the associated personal data. This involves examination of the data flow from users, via an

app or device, to the supporting backend systems and third parties, such as marketing, analytics and

advertising agents. The data chain becomes more complex with the physical separation of the data flow

components, with data being held by different controllers, and with the data spread over geographical

regions.