PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
PCPD Activities
image
Information Centreimage
Privacy Zone for Youngsters (Games)
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Annual ReportCode of Practice & Explanatory BookletConsultation Document/Report
NewsletterGuidance Note & Fact SheetLeaflet & FormOpinion Survey
OthersInvestigation Report / Inspection ReportInformation Book
image

Publications and Videos
Annual Report
 

Complaint Investigations

image

Complaints Received 2006-2007

Figure 1 - Annual Complaint Caseload

image

A total of 1,067 complaint cases were received in 2006-2007 (an increase of 10% on the previous year).


Figure 2 - Types of Party Complained Against

image
  • 734 (69%) complaint cases were against private sector organizations.
  • 205 (19%) complaint cases were against public sector organizations (i.e. government departments and other public bodies).
  • 128 (12%) complaint cases were against individuals.

Figure 3 - Complaints Against Private Sector Organizations

image

The majority of complaints against the telecommunications and financial sectors alleged the unlawful use or disclosure of customers' personal data.


Figure 4 - Complaints Against Public Sector Organizations

image

The majority of complaints against public sector organizations involved:

  • the alleged use of personal data beyond the scope of collection purpose and without the consent of the individual (51%);
  • lack of security measures to protect personal data (24%);
  • non-compliance with data access or correction requests (13%);
  • and excessive or unfair collection of personal data (11%).

Figure 5 - Nature of Complaints

image

The 1067 complaint cases received in 2006-2007 involved a total of 1376 alleged breaches of the requirements of the Ordinance. Of these, 1226 (89%) were alleged breaches of the data protection principles and 150 (11%) were alleged contraventions of the provisions in the main body of the Ordinance.

Of the 1226 alleged breaches of the data protection principles, 787 (64%) concerned the alleged use of personal data of complainants without their consent. In this category, 75 (10%) involved debt collection, mostly allegations against financial institutions and telecommunications companies for passing customers' personal data, such as contact details and amount of indebtedness, to debt collecting agencies for the recovery of outstanding debts.

There is a misunderstanding among some complainants regarding the ambit of the Ordinance when applied to use or disclosure of personal data. A common example is that some complainants believe their personal data can only be used or disclosed to others after prior consent concerning a particular act has been obtained from them. The Ordinance restricts the purpose of use or disclosure of personal data to their original collection purpose or a directly related purpose. Any other use or disclosure of personal data requires the express consent of the data subject concerned. In other words, if the use or disclosure of personal data is within an original collection purpose, or a directly related purpose, it is not necessary for the data user to obtain the consent of the data subject prior to use or disclosure.

 
 

Previous PageTable of ContentsNext Page

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer