Data protection in Hong Kong is governed by the Personal Data (Privacy) Ordinance, Cap. 486.

This Ordinance deals with protection of privacy of individuals in relation to personal data. In other words, the scope of protection is confined to ‘information privacy’ only.

The impact and legal effects on the ‘data subject’ and ‘data user’ come from the main body of the Ordinance, the six Data Protection Principles (DDPs) in Schedule 1 of the Ordinance and the code of practices as stated in section 12 of the Ordinance.

 

The 6 DPPs

DPP1 : Purpose and Manner of Collection

DPP2 : Accuracy and Duration of Retention

DPP3 : Use of Personal Data

DPP4 : Security of Personal Data

DPP5 : Information to be Generally Available

DPP6 : Access to and Correction of Personal Data

Privacy Impact Assessment (PIA)

PIA is a systematic process that evaluates a proposal in term of its impact upon personal data privacy with the objective of avoiding or minimising adverse impact.

 

It helps an organization to :

 Identify the potential impact that a proposal may have upon individuals’ personal data privacy;

 Examine how any detrimental effects upon date privacy might be overcome; and

 Ensure that new projects comply with DPPs.

The list of matters to be addressed would include the followings :

Purpose – DPP1

Accountability Choice & Consent – DPP1

Collection Limitation – DPP1

Use & Processing – DPP3

Retention & Accuracy – DPP2

Access & Correction – DPP6

Security Protection – DPP4

Compliance – DPP5