Are You Infringing On Hong Kong’s PDPO?
Have you done any of these lately?
If so, whatever your intentions, you will have violated the Personal Data (Privacy) Ordinance (PDPO).
Enacted in Hong Kong in 1995, PDPO seeks to protect the privacy of individuals in relation to personal data.
In an article titled “Hong Kong Regulators Step up Enforcement on Personal Data Protection” by the Data Protection Report in May this year, an insurance agent, a marketing agency, and a portfolio manager were penalised for the improper handling of personal data by the Securities and Futures Commission (“SFC”) under the PDPO. The parties were sentenced to a Community Service Order, a fine, and SFC disciplinary action respectively.
So, what is personal data?
Personal data is information that:
- Relates to a living person,
- Can identify that person, and
- Is stored in a form that allows for processing.
These include names, identity card numbers, and medical and employment records.
Section 35C of the PDPO requires that your company provide the following information to the individual orally or in writing before using his personal data in direct marketing:
Pursuant to section 35G(3) of the Ordinance, a company which receives a customer’s request for cessation of using his personal data in direct marketing must comply with the request without charge.
Failure to comply with any of the above requirements is a criminal offence, which is punishable by a fine of up to HK$500,000 and imprisonment for up to 3 years.
So, what can organisations do to avoid infringing on the PDPO?
Ensure you have a well-drafted data protection policy that outlines the following:
- Your purpose of collecting the data,
- The classes of persons to whom the data may be transferred,
- How long you will keep the data for,
- The steps you will take in the event of unauthorised or accidental access, processing, erasure, loss or use, and
- How an individual can reach out to access his/her personal data and make corrections.
In today’s era of internet and connectivity, consumers are more concerned than ever about protecting the privacy of their personal data. Observe good data management practices, and you will be putting your customers at ease.