14 / 32
14
PCPD News
私隱專員公署通訊
•
Issue no. 30
行業聚焦
Industry Insight
銀行業界的資料保障
Data Protection in the Banking Industry
為了協助銀行業界在收集、儲存和使用
客戶的個人資料及處理客戶的查閱資料
要求時,依從條例的相關規定, 公署特
別發出了一份新指引-《銀行業界妥善
處理客戶個人資料指引》(「指引」)。
公署處理的投訴個案中,銀行業一直是
首三大私營機構類別的被投訴者之一。
此外,涉及銀行運作的投訴數字不斷增
加。在
2013-14
年度,共有
373
宗此類
個案,而在
2012-13
年度及
2011-12
年
度則分別有
198
及
212
宗。 由於銀行
業擁有龐大及敏感的客戶財務資料,發
出這份指引可適切地促進及加強銀行業
在處理客戶的個人資料方面依從條例的
相關規定。保障私隱的銀行可以得到客
戶加倍信任和支持,從而締造客戶、銀
行業務及整個銀行業的三贏局面。
公署制訂這份指引時,參考了行政上訴
委員會在有關案件作出的裁決、公署以
往處理投訴個案的決定,以及香港銀行
公會的個人資料(私隱)條例工作小組
提出的意見。這份指引應對銀行業界有
幫助,因為它涵蓋銀行從業員在實際工
作中經常遇到的資料保障議題:
•
擬備《收集個人資料聲明》;
•
收集客戶的身份證號碼及身份證副
本;
•
確保準確的客戶紀錄;
•
保留客戶的個人資料;
•
收集及使用客戶的個人資料作直接
促銷;
•
與集團內其他公司共用客戶的個人
資料;
•
轉移客戶的個人資料至香港以外地
方;
•
披露客戶的個人資料予執法機構及
財經規管者;
•
在追收欠款中使用客戶的個人資
料;
•
在外展促銷活動中保障客戶的個人
資料;
•
在電子銀行環境中收集及保障客戶
的個人資料;及
•
處理客戶的查閱資料要求。
公署相應更新了銀行
/
金融服務的資料
保障專業研習班的內容,闡釋指引的要
點,歡迎業界人士參加。
認識更多
Learn More
指引資料:《銀行業界妥善處理客
戶 個 人 資 料 》
www.pcpd.org.hk/tc_chi/resources_centre/industry_
specific/files/GN_banking_c.pdf
Guidance on the Proper Handling
of Customers’ Personal Data for the
Banking Industry
www.pcpd.org.hk/english/resources_centre/industry_specific/files/GN_
banking_c.pdf
專 業 研 習 班
www.pcpd.org.hk/tc_chi/education_training/organisations/
workshops/workshop.html
Professional Compliance Workshop
www.pcpd.org.hk/english/education_training/organisations/workshops/
workshop.html
The PCPD published a new Guidance
No t e ,
Gu i d a n c e o n t h e P r o p e r
Hand l i ng o f Cus t ome r s’ Pe r sona l
Data for the Banking Industry
("the
Guidance Note"), to assist the banking
industry in complying with the relevant
requirements under the Ordinance
when collecting, storing and using their
customers’ personal data, and handling
their customers’ data-access requests.
Among private sector organisations,
the banking industry has long been one
of the top three targets of complaints.
Furthermore, the number of complaints
in relation to banking practices has
been growing, with a total of 373 cases
in 2013-14 against 198 cases in 2012-
13 and 212 cases in 2011-12. Taking
into consideration the large customer
database maintained by the banking
industry and the sensitive nature of the
personal financial information involved,
the PCPD considered it appropriate to
publish the Guidance Note to promote
and reinforce the banking industry’s
compliance with the Ordinance when
handling their customers’ personal
data. Privacy-assuring banks will enjoy
enhanced customer trust and loyalty,
thus creating a win-win-win situation
for the banks, their customers and the
banking industry as a whole
The Guidance Note was compiled
using references from the decisions
of the Administrative Appeals Board
for relevant cases, determinations
in past complaint cases handled by
the PCPD, and suggestions collected
during meetings with the Personal Data
(Privacy) Ordinance Working Group of
the Hong Kong Association of Banks.
The banking industry should find the
Guidance Note useful as it covers real
work situations commonly encountered by
banking practitioners involving the following
data-protection compliance issues:-
• preparing personal information
collection statements;
• collecting Hong Kong Identity
Card numbers and copies from
customers;
• maintaining accurate customer
records;
• retaining customers’ personal data;
• collecting and using customers’
personal data in direct marketing;
• sharing customers’ personal data
within the same banking group;
• transferring customers’ personal
data outside Hong Kong;
• disclosing customers’ personal
data to law enforcement agencies
and financial regulators;
• using customers’ personal data in
debt collection;
• protecting customers’ personal data
in off-site marketing campaigns;
• c o l l e c t i n g a n d p r o t e c t i n g
customers’ personal data in the
e-banking environment; and
• handling customers’ data-access
requests.
The content of the PCPD’s professional
workshops on Data Protection in
Banking/Financial Services has been
updated to take account of the Guidance
Note. Banking practitioners are welcome
to enrol in the workshops.