I would like to share the Seminar on Data Privacy: Practical Guides for Data Users in Business, which was organized by HKSTP on 20th January 2011.
The speaker was Mr. Ricardo Lee who was consultant of Ma Tang & Co and his talk included "Introduction of Data Privacy", "Cross-OS Comparison", "6 Data Protection Principles", "What the Laws are about" and "Tips for Data Users".
The data privacy in accounting terms mean security measures and devices employed by the accountant to assure that confidential information (e.g., client files) are not improperly accessed.
Mr. Lee compared the OS between Microsoft and iPhone. Apps in new version of iPhone cannot collect user data without user consent and cannot use analytics software to collect and send user data to a third party.
It should be complying with all applicable privacy and data collection laws and regulations with respect to any:
I) Collection, II) Transmission, III) Maintenance, IV) Processing and V) Use, etc.
Then Mr. Lee introduced the Six Data Protection Principles.
Principle 1: Purpose and manner of collection of personal data
(The purpose of collection and relevant to a function or activity)
Principle 2: Accuracy and Duration of retention of personal data
(Erase the data after completed the purpose)
Principle 3: Use of personal data
(Get user data consent for other purposes)
Principle 4: Security of personal data
(Protect personal data against unauthorized access)
Principle 5: Information to be generally available
Principle 6: Access to personal data
(Access right to the user data should be defined.)
After that Mr. Lee introduced the laws give out the rights of the personal data included:
l Fair means to collects
l Provide only the necessary data
l Change use only after consent
l Request for accuracy, proper keeping time, security, access and correction, and
l Request for disclosure of privacy policies
Moreover, Mr. Lee briefed the laws require you to say "NO" to Data Access:
l If a data access request comes with insufficient proof of identity
l If a data request does not come with sufficient information to identify the data subject (or without proper authorization)
l If a data request ask for personal data of another individual
He also briefed the laws allow you to say "NO" to Data Access:
l If another data user controls the use of the personal data and such way of use prohibits you (receiving the data) to comply
l If a data request is not made in a form specified under Section 67 of the Ordinance
l If a data request is exempted under Part VIII of the Ordinance
Finally, Mr. Lee gave us a tips about data privacy for data users below.
l Internal Policies and Security
l Charge data access request a fee