Have you done any of these lately?
If so, whatever your intentions, you will have violated the Personal Data (Privacy) Ordinance (PDPO). Tweet this
Enacted in Hong Kong in 1995, PDPO seeks to protect the privacy of individuals in relation to personal data.
In an article titled “Hong Kong Regulators Step up Enforcement on Personal Data Protection” by the Data Protection Report in May this year, an insurance agent, marketing agency, as well as portfolio manager were penalised for the improper handling of personal data by the Securities and Futures Commission (“SFC”) under the PDPO. In each case, the plaintiffs were sentenced to a Community Service Order, fine, and SFC disciplinary action respectively.
Personal data is information that:
These include names, identity card numbers, and medical and employment records.
|Section 35C of the PDPO requires that your company provide the following information to the individual orally or in writing before using his personal data in direct marketing:
Pursuant to section 35G(3) of the Ordinance, a company which receives a customer’s request for cessation of using his personal data in direct marketing must comply with the request without charge.
Failure to comply with any of the above requirements is a criminal offence, which is punishable by a fine of up to HK$500,000 and imprisonment for up to 3 years.
Ensure you have a well-drafted data protection policy that outlines the following:
In today’s era of internet and connectivity, consumers are more concerned than ever about protecting the privacy of their personal data. Observe good data management practices, and you will be putting your customers at ease.