Sharing of Positive Credit Data Code Consultation Report Released

Privacy Commissioner Raymond Tang briefed the press on the consultation report on the sharing of positive credit data.

On 23 January 2003, Privacy Commissioner Raymond Tang released the report on the public consultation on a set of proposed provisions on consumer credit data protection in relation to the financial industry's proposal on the sharing of positive credit data.

A total of 282 submissions were received from individuals, private and public organizations, professional bodies, and representative associations. Respondents generally supported the proposals and many of them had raised comments and offered suggestions in relation to privacy safeguards. Taking the views collected during the public consultation into serious considerations, some amendments to the draft proposals contained in the Consultation Document were made accordingly.

To view the Consultation Report please click on www.pcpd.org.hk/english/ordinance/codes.html.

It is anticipated that the revised Code will be gazetted in mid-May and take effect early June 2003.

Privacy Commissioner Raymond Tang spoke at the Privacy Issues Forum at New Zealand.

Privacy Commissioner Raymond Tang attended two high-level international privacy workshops and meetings in February and March.

On 13 February, Mr. Tang made a presentation on the implementation of data privacy principles by governments at the APEC Data Privacy Workshop hosted by the Electronic Commerce Steering Group in Chiang Rai, Thailand. The workshop, entitled "Addressing Privacy Protection: Charting a Path for APEC", focused on the importance of effective consumer privacy protection arising from trans-border data flows in the context of e-commerce development among APEC economies.

To obtain a copy of the presentation, please visit the PCPD web site at www.pcpd.org.hk/english/infocentre/apec_feb03.html.

To check for updates, please visit the APEC web site at www.export.gov/apececommerce/.

On 26 and 27 March, Mr Tang attended the 16th Privacy Agencies of New Zealand, Australia Plus Hong Kong (PANZA) Meeting in Wellington, New Zealand. The PANZA Meeting is an annual gathering of privacy commissioners from Australia, New Zealand and Hong Kong to discuss and share views on privacy issues. Mr. Tang also made a presentation on the consultation on monitoring of employees at work in Hong Kong at the "Privacy Issues Forum", organized by the New Zealand Privacy Commission on 28 March. Delegates from the region attended to discuss the protection of privacy arising from public health system, genetics and surveillance.

Privacy Commissioner Raymond Tang and President of KISA, Mr. Whie-kap Cho signed the MOU in Seoul, Korea.

HK and Korea sign MOU to foster Personal Data Privacy Protection

The PCPD signed a Memorandum of Understanding (MOU) with the Korea Information Security Agency (KISA) on 27 November 2002 to foster better understanding and co-operation on the protection of personal data privacy.

This is the first bilateral agreement on personal data privacy that Hong Kong has made with another jurisdiction. It recognizes the importance of international co-operation in reducing personal data privacy intrusion in the information age. Whilst recognizing the benefits of free flow of information, authorities around the world are increasingly concerned as to the effect of cross-border data flows that are not subject to a consistent framework of monitoring and regulation.

The MOU sets forth the goal of enhancing the co-operation and joint research and development in education and training programmes. Hong Kong will share experiences with KISA in dealing with various common issues such as e-smart card, cyber privacy, surveillance activities, consumer credit reports and public record information. Although non-binding, the MOU is a mutual expression of both parties' genuine interest in exploring opportunities for future co-operation.

Privacy Commissioner Mr. Tang said that the PCPD would continue to work towards similar bilateral arrangements with other regional partners.

Community Perceptions Towards Surveillance Cameras in Public Places in Hong Kong

The PCPD has released the results of its sixth survey to gauge the public's views towards personal data privacy in Hong Kong. The survey was conducted by the Social Sciences Research Centre of the University of Hong Kong between June and September 2002.

The survey was designed to gain insights into the public's view of using surveillance cameras in public places in Hong Kong. Its objective was to better understand the degree to which the public found surveillance acceptable and under what circumstances. It also identified issues that the public found sensitive, such as the location of the cameras and the purpose of surveillance. A number of real-time monitoring and recorded monitoring situations were also examined in the survey.

Research was carried out in three phrases. In the first stage, focus group interviews were conducted to corroborate views and identify relevant "privacy" issues from selected sectors of the community, including housing estate residents, MTR and KCR communters, car owners, Lan Kwai Fong visitors and workers, university students, tourists and retail shopkeepers. In the second stage, using a questionnaire developed from the results of the focus group interviews, 1,103 households were surveyed by phone. In the third stage, in-depth interviews were conducted with organizations that operate surveillance cameras in public places, such as car parks and retail malls.

The survey results reflect general support for surveillance cameras in public places in certain circumstances. Most people agree that, while both security and privacy issues are equally important, crime prevention and detection justify the use of surveillance cameras at specific locations, such as high crime areas or where there is a high risk of accidents during festive times.

Nearly all focus group respondents supported the use of surveillance cameras in public places for crime prevention, public safety, crowd control and security purposes. The exception was the use of such cameras in taxis or at public beaches. There were also diverse views regarding their use in Lan Kwai Fong. Some considered its use to be justified during festivals or special occasions. But the majority of the respondents agreed that cameras should not be used to monitor specific individuals, in particular if the data is being used by government agencies. There was also considerable concern regarding the control of the cameras' use and access to the recorded contents. There was overwhelming support for the public to be notified if cameras are being used as well as setting of guidelines to avoid potential abuse.

The telephone survey found that the majority of the respondents supported the use of surveillance cameras with recording capabilities over live monitoring for crime prevention, while, for car parks, the support was 51%, and 39% for train platforms and 38% for shops. There was almost unanimous agreement that the recorded tapes should be kept for at least 24 hours, with strong support for tapes to be retained for over one week.

In terms of controlling surveillance, there was widespread support for a PCPD code, notification requirements, security measures, access restrictions but not for licensing. The most popular option was security requirements for tapes (71% essential), public notice of monitoring (57% essential), restricted access to tapes in the case of crime (56% essential), a PCPD code of conduct (43% essential), banning the use of cameras in some situations (43% essential), banning the surveillance of individuals (41% essential) and licensing camera use (29% essential).

Respondents believe that privacy concerns should be addressed in surveillance, even though they may have less priority than security and crime prevention issues. However, there is a clear need to regulate the use and purpose of surveillance cameras in terms of accessing recorded information, public notification and tape security and how long data should be retained. There is also a need for supervision, in the form of a code of practice drawn by the PCPD, to ensure proper control and to avoid potential abuse. Finally, respondents do not see an immediate need to set up licensing requirements for the installation of surveillance cameras, which suggests that drawing up guidelines or a code of practice may be viewed as providing greater privacy assurance to the community.

The survey has provided valuable insights into the public's view towards surveillance cameras. Privacy Commissioner Raymond Tang said that the PCPD will continue to monitor the use of surveillance cameras in public places and to discuss with relevant parties the protection of personal data privacy for individuals.

For further details, please visit the PCPD website at www.pcpd.org.hk/english/publications/opinionsurvey.html.

Privacy Protection in Action: TV Advertisement Competition

In an effort to cultivate and foster a culture where people respect each other's privacy among the younger generation, the PCPD has jointly organized a competition with the Hong Kong Federation of Youth Groups. Entitled "Privacy Protection in Action: TV Advertisement Competition", the activity is open to everyone in Hong Kong between the ages of 12 to 34. Contestants can enter the "Secondary School Group" or the "Open Group" of the competition. To participate, applicants have to produce a one-minute TV commercial based on their understanding of privacy protection in real life.

The panel of judges includes the Hon. Audrey EU Yuet-mee, SC, JP (Legislative Councillor), Mr. Alan LEONG, S.C. (Hong Kong Bar Association), Dr. Francis CHEUNG Wing-ming (Registrar, The Hong Kong Institute of Education) and Mr. Stanley TONG (Renowed Film Director). Prize presentation ceremony will be held in June.

Privacy Commissioner Raymond Tang and speakers Mr. Lee Lik Chee (left), Mr. Daniel Kong (2nd right) and Mr. Joe Yiu.

Industry experts such as film director Mr. Lee Lik-chee, marketing expert Mr. Daniel Kong, Information Services Department's Mr. Joe Yiu, advertising veteran Mr. Tsang Kam-ching and art critic Ms. May Fung were on hand to present a series of workshops and seminars so that participants could have a better understanding of what was involved in producing a television commercial.

For regular updates, please visit the PCPD website at www.pcpd.org.hk or the Hong Kong Federation of Youth Groups u21 web site website at www.u21.org.hk.

Outbreak of Atypical Pneumoniia in relation to Privacy-related Issues

The outbreak of Atypical Pneumonia ("AP") has caused serious social problems whereas it has also raised privacy concern as regards the collection and disclosure of personal information. The PCPD is much concerned about this matter. Data users should strike a balance between public interests and privacy rights of individuals whereas due consideration should be given to the dignity and privacy of the persons concerned so as to avoid causing any unnecessary distress to them.

The PCPD has received many public inquiries in this regard and hope that the following Q&As may answer your queries on this matter.

Credit card company protects customers' privacy (The Washington Times, 6 March 2003)

A leading credit card issuer will introduce a new company policy to block out the last four digits of a credit-card number as well as to remove the account's expiration date from consumer receipts. Hopefully, this will help better protect customers' privacy. The public should be aware that credit card receipts contain valuable personal data. Thieves steal personal information such as the ID card number and open accounts in the victim's name. Do not just throw the receipts away in the garbage. Dispose of them properly and try to block out the number as much as possible. This may help save you from being the next victim!

UK Entitlement Card

A debate is going on in the UK about the government's plan to equip everyone with an identity card, called an "entitlement card". The card would provide details about the cardholder as well as other information, similar to that of the Smart ID Card that will be introduced in Hong Kong. The scheme aims at giving lawful residents proof of identification for easier access to government services and for eligibility to work in the country. The card will look similar to a photocard driving license, which is similar in size to a credit card. Also being considered is having the individual's fingerprint or iris image stored in the memory chip of the card to identify the cardholder and prevent any fake cards. The UK government assures that the scheme will be in line with the Data Protection Act 1998 and that data will not be shared among different government departments and agencies.

New U.S. Rules for Travelers (Associated Press, 3 January 2003)

Overseas travelers arriving at and departing from the United States will have to submit detailed personal information this year under rules proposed by the US federal government as part of its war on terrorism. The information, such as name, date of birth, citizenship, sex, passport number and country of issuance, country of residence, US visa number and address while staying in the US, will be sent electronically to the government before a traveler arrives in the US or departs from it, thus giving officials a complete manifest of exactly who is on board a flight. Once the information is collected, it will be matched against "the appropriate security databases" prior to a travelers' arrival.

The 25th International Conference of Data Protection and Privacy Commissioners

Privacy commissioners and advocators around the world meet every year at the International Conference of Data Protection and Privacy Commissioners to discuss and exchange views on privacy related issues. This year, Australia will host the 25th year of the Conference at the Sydney Convention and Exhibition Centre in Sydney, Australia from 10-12 September 2003, where participants look forward to exploring advances in privacy and building privacy platforms and solutions that enhance the privacy choices.

To obtain further details about the conference, please visit the official website at www.privacyconference2003.org.

2002-2003 DPOC activities overview

The Club instigated several new initiatives in the past membership year.

(From right) Privacy Commissioner and 3 Senior Personal Data Officers shared views with DPOC members on "surveillance in public places".

In the beginning of the membership year, six luncheons were held at the PCPD for all members. At the last plenary meeting on 28 February, Privacy Commissioner Raymond Tang and the three Senior Personal Data Officers, K.T. Chan, Joshua So and Sunning Leung, held a discussion to share views and experiences with members on the subject of surveillance in public places. Many members found the format of the discussion lively and enjoyed expressing their views directly to the Privacy Commissioner and the senior officers.

In a survey to gauge members' views towards our services and activities, we are excited to learn that 75% of respondents found that club activities met their expectations. Over 80% of them found the plenary meetings informative, in particular, the Privacy Forum, which was perceived as an effective two-way communication for discussing privacy issues between the PCPD, club members and other organizations. Overall, 75% of respondents agreed that the Data Protection Workshops provided useful information about complying with the requirements of the Ordinance, and that more workshops and gatherings should be held.

We are glad that the club activities were well received by members. The survey provided us with valuable insights to plan future activities and we will strive to explore new initiatives in the coming year. This year again, we are seeking new members and look forward to recruiting from different fields.