Data protection in Hong Kong is governed by the Personal Data (Privacy) Ordinance, Cap. 486.
This Ordinance deals with the protection of the privacy of individuals in relation to personal data. In other words, the scope of protection is confined to ‘information privacy’ only.
The impact and legal effects on the ‘data subject’ and ‘data user’ come from the main body of the Ordinance, the six Data Protection Principles (DPPs) in Schedule 1 of the Ordinance and the codes of practice as stated in section 12 of the Ordinance.
The 6 DPPs
DPP1: Purpose and Manner of Collection
DPP2: Accuracy and Duration of Retention
DPP3: Use of Personal Data
DPP4: Security of Personal Data
DPP5: Information to be Generally Available
DPP6: Access to and Correction of Personal Data
Privacy Impact Assessment (PIA)
PIA is a systematic process that evaluates a proposal in terms of its impact upon personal data privacy with the objective of avoiding or minimising adverse impact.
It helps an organization to:
Identify the potential impact that a proposal may have upon individuals’ personal data privacy;
Examine how any detrimental effects upon data privacy might be overcome; and
Ensure that new projects comply with DPPs.
The list of matters to be addressed would include the following:
Purpose – DPP1
Accountability Choice & Consent – DPP1
Collection Limitation – DPP1
Use & Processing – DPP3
Retention & Accuracy – DPP2
Access & Correction – DPP6
Security Protection – DPP4
Compliance – DPP5