PCPD - 2001-2002 Annual Report

Publications and Videos

2001-2002 Annual Report_13

Report on Activities - Operations

Compliance Checks carried out in 2001-02

A compliance check is undertaken when the PCPD identifies a practice in an organization that appears to be inconsistent with the requirements of the PD(P)O. In such circumstances, the PCPD raises the matter in writing with the organization concerned pointing out the apparent inconsistency and inviting it, where appropriate, to take remedial action. In many cases, the organization concerned takes the initiative and responds by undertaking immediate action to remedy the suspected breach. In other cases, organizations seek advice from the PCPD on the improvement measures that should be taken to avoid repetition of suspected breaches.

During the reporting year, the PCPD conducted 41 compliance checks in relation to alleged practices of data users that might be inconsistent with the requirements of the PD(P)O. Of these, 5 compliance checks related to practices in government departments/statutory bodies. The remaining 36 compliance checks related to practices in private sector organizations.

Figure 14 - Illustrations of issues of compliance checks

Issues Improvement Measures Recommended

A circular accessible via the departmental network disclosed the full date of birth of retiring officers.
There is no justifiable reason for the disclosure of the full date of birth of staff members who have retired. When personal data are published, special care should be taken in respect of the sensitivity of the type of data that might be disclosed. Only limited data necessary for the purpose of the display should be openly published.

Application forms containing personal data of claimants were found unattended in the toilet.
When disposing of old documents that contain personal data, care should be taken to avoid inadvertent disclosure of the data. A proper procedure would be to have the documents shredded.

A prize-winning announcement made on an Internet web-site disclosed the full name and HK Identity card number of prizewinners.
The organization was recommended to publish either the name of winners or the HK Identity card number in its future prize-winning announcements. Where both data are published, it should avoid disclosing the full HK Identity card number of prizewinners.

Job applicants were required to provide a copy of their HK Identity card when they attended a job interview.
Copies of the HK Identity card should only be collected from prospective employees after they have accepted employment, as proof of compliance on the part of the employer with section 17J of the Immigration Ordinance. The company was recommended to cease the practice.

Application forms of mobile service subscribers were re-used as draft papers and distributed to unrelated parties.
The company was recommended to implement guidelines to remind all staff to avoid re-using papers that contain the personal data of individuals unless appropriate measures are taken to safeguard those data from inadvertent disclosure.

Visitors to a building estate car park were required to provide their HK Identity card number for recording when leaving the car park.
The car park management was recommended to consider adopting a "double permit system" in which an exit pass given to the driver on entry to the car park must be surrendered upon departure from the car park.

Owners of a newly occupied private estate were required to provide copies of their HK Identity card for the refund of temporary water meter deposits.
The property management company was recommended to cease the practice, as the water meter deposit receipts from the Water Authority should be adequate to serve the purpose of the refund applications.

Notices issued to registered consumers responsible for repair of building communal pipeworks listed the names and mailing addresses of other parties.
The department was recommended to revise the repair notice so as to avoid the listing of the names and mailing addresses of other responsible parties. When the mailing address of a registered consumer differs from the address of the concerned premises, a personal copy of the notice should be sent instead.

Outdated service orders of a utility company were left unattended in a car park.
The company was recommended to require its appointed contractor to review its operational procedures regarding the collection and disposal of confidential documents.

Sample checks on "Blind" recruitment advertisements

The Code of Practice on Human Resource Management ("the Code") was issued on 22 September 2000. It came into effect on 1 April 2001. Under the Code, "blind" recruitment advertisements that directly solicit personal data from job applicants, and do not identify the parties that have placed them, are not permitted. For example, a recruitment advertisement that asks job applicants to submit their resumes to a PO box number without revealing the identity of the employer would be in breach of the Code.

Prior to the commencement of the Code, the PCPD examined over 6,000 recruitment advertisements in leading local newspapers. Of these, about 25% were "blind"advertisements that directly solicited personal data from job applicants. Over 1,500 reminder letters were sent to them alerting them of the requirements of the Code.

After the Code came into effect on 1 April 2001, the PCPD continued to examine leading local newspapers and recruitment supplements on a daily basis to identify "blind" recruitment advertisements. Advertisers who directly solicited the submission of personal data from job applicants but did not reveal their identity were selected. Advisory letters and copies of the Code and the Compliance Guide for Employers and HRM Practitioners were sent to them reminding them of the requirements of the Code.

During the period from April 2001 to end June 2002, over 215,755 recruitment advertisements were randomly checked. Of these, 12.3% (26,542) were non-compliant recruitment advertisements in which advertisers were found to have directly solicited personal data from job applicants without revealing their identity to applicants. A total of 13,734 warning notices were issued to these advertisers. Formal investigations were carried out in two cases in which the advertisers were found to be repeated offenders and were issued with more than 10 warning notices. (Figure 15)

[Image of Figure 15]

[Image of Previous Page][Image of image][Image of Table of Contents][Image of image][Image of Next Page]

End of Page

[Annual Report] [Code of Practice/ Guideline & Explanatory Booklet] [Consultation Document/ Report] [Newsletter] [Guidance Note & Fact Sheet] [Leaflet & Form] [Opinion Survey] [Others] [Investigation Report / Inspection Report] [Information Book]

[About PCPD] [The Ordinance] [PCPD Activities] [Information Centre] [Privacy Zone for Youngsters (Games)]
[Publications & Videos] [Enquiries & Complaints] [Case Notes] [Contact Us] [Search] [Site Directory] [Graphical Version]
[Chinese Version]