What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Hong Kong’s Personal Data (Privacy) Ordinance regulates data privacy law in Hong Kong and is based on six data protection principles:
- Data collection – Collect data in a lawful and fair way for a directly related purpose of the data user; Notify subjects as to why (i.e. the purpose) the data is being collected along with the classes of persons the data may be transferred to (ex. HR teams); Collect data which is necessary and not excessive for the purpose.
- Accuracy and retention – Take practical steps to ensure the personal data is accurate and destroy the data once it has fulfilled its purpose.
- Data use – Use personal data only for the purpose for which it was collected or a directly related purpose, unless you receive voluntary and explicit consent for the new purpose.
- Data security – Take practicable steps to safeguard personal information from unauthorized/accidental access, processing, erasure, loss or use.
- Openness – Inform the public about personal data policies and practices relating to the types of collected data (ex. payroll data) and how the data is used.
- Data access and correction – Give data subjects access to their personal data and allow them to make corrections if the information is inaccurate.
In addition to the laws outlined by the Ordinance, the Privacy Commissioner has posted a Code of Practice on Human Resource Management. The code includes specific requirements relating to recruitment and other human resource matters in relation to prospective, current and former employees.
The current authority responsible for enforcement of data privacy law and regulations in Hong Kong is the:
Privacy Commissioner for Personal Data
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.