15

PCPD News

私隱專員公署通訊

•

Issue no. 30

個案摘要

Case in Brief

強積金計劃成員投訴強積金中介人在

Whatsapp

披露其個人資料

Complaint about the disclosure of an MPF Scheme member’s personal data on

WhatsApp by an MPF intermediary

投訴人早前登記成為一間金融服務公司

的強積金計劃成員，並提供她的英文姓

名、流動電話號碼、住址及身份證號碼

等個人資料。其後，該強積金中介人

1

自

行將投訴人的資料加入其手機應用程式

Whatsapp

的一個群組中，因而披露了

投訴人的英文別名、流動電話號碼及個

人檔案相片給該群組的其他組員。投訴

人遂向私隱專員作出投訴。

結果： 投訴得直

在私隱專員進行調查的過程中，該公司

確認他們就該次登記時收集了投訴人的

英文姓名及流動電話號碼，不過就表示

沒有收集她的英文別名，並指該別名是

投訴人於

Whatsapp

自行設定的用戶名

稱。該公司又解釋，該強積金中介人將

投訴人加入該群組的目的是為了向她提

供最新的強積金相關資訊。

由於該強積金中介人擅自將投訴人的資

料加入該群組，以致投訴人的名字及流

動電話號碼被第三者知悉，私隱專員認

為有關做法違反保障資料第

3

原則的規

定。

就是次事件，該公司已即時向該強積金

中介人作出警告，提醒她要小心處理客

戶的個人資料。該強積金中介人亦確認

已從她的流動電話刪除該群組和投訴人

的聯絡資料紀錄。

此外，該公司向其強積金中介人發出通

告作出提醒，及在強積金中介人簡報會

中重申，前線職員必須先取得客戶的同

意方可在流動電話資訊平台及群組發佈

強積金宣傳資訊，並要小心處理客戶資

料，以避免不慎地將客戶資料披露給第

三者。

When the Complainant registered

as an MPF Scheme member with a

financial institution, she provided her

personal data, such as English name,

mobile phone number, residential

address and identity card number. The

MPF intermediary

1

later added the

Complainant to a group in WhatsApp,

a mobile application in her mobile

phone. The Complainant’s English

nickname, mobile phone number and

photo of her profile were then disclosed

to others in the group. The Complainant

therefore lodged a complaint with the

Commissioner.

Result: Complaint Upheld

In the course of the investigation by the

Commissioner, the institution admitted

that it had collected the Complainant’s

Eng l i s h name and mob i l e phone

number at the time of the registration,

but not her English nickname, which

it said was the WhatsApp username

set by the Complainant. The institution

explained that the MPF intermediary

had added the Complainant to that

group for the purpose of providing her

with updated MPF information.

As the MPF intermediary added the

Complainant to the group without

authorisation, causing disclosure of

the Complainant’s name and mobile

phone number to third parties, the

Commissioner considered that the

MPF intermediary contravened Data

Protection Principle 3.

With respect to this incident, the

institution gave warning to the MPF

intermediary reminding her to handle

her clients’ personal data with greater

care. The MPF intermediary confirmed

t h a t t h e c o n t a c t d e t a i l s o f t h e

Complainant and the group had been

deleted from her mobile phone.

Moreover, the financial institution

s u b s e q u e n t l y r em i n d e d i t s MP F

intermediaries by notice and a briefing

that frontline staff must obtain their

clients’ consent before distributing MPF

promotional information in mobile

information platforms and groups, and

should be careful in handling client

data to avoid inadvertent disclosure of

the data to other parties.

1.

任職上述金融服務公司，為投訴人服務的職員。

A staff member of the financial institution who was assigned to serve the complainant.