Bulldogtech.org

The HK government has recently discussed the possibility of broadening the definition of personal data to cover information about legal entities such as companies and trusts. This change would add greater protection to individuals and increase compliance measures for businesses that process data. It could also potentially have a negative impact on business efficiency.

Currently, the PDPO protects the privacy of individuals through a range of restrictions, including use limitations and access requirements. The PDPO defines personal data as information relating directly or indirectly to an identifiable individual, and requires that it be accessible only by those who require it in order to carry out activities related to the purpose for which it was collected.

The restrictions apply to any person or organisation that controls the collection, processing or use of personal data, regardless of whether they are within Hong Kong or elsewhere in the world. It is important that business owners understand the implications of the PDPO when engaging external data processors, especially in relation to international transfer of personal data.

Direct marketing practices remain a key focus for enforcement by the Privacy Commissioner, although this is likely to decrease as more individuals are aware of their rights and take steps to request that their data not be used for such purposes. It is an offence under the PDPO for a data user to provide any third party with personal data for the purpose of direct marketing without the consent of the individual concerned, and this can result in a fine of up to HK$500,000.