The relevant laws that protect data privacy in Hong Kong are expressed by way of six principles under Schedule 1 of the Ordinance. These six principles regulate the collection, access, use, storage and processing of personal data by ‘data users’ and outline the rights that extend to ‘data subjects’. For the full version of the 6 principles, please refer to pages 232-234 of your textbook. The following is the brief description of the six principles.
Principle 1 Purpose and manner of collection of personal data
This principle provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from a subject.
Principle 2 Accuracy and duration of retention of personal data
This principle provides that personal data should be accurate, up-to-date and kept no longer than necessary.
Principle 3 Use of personal data
Principle 3 discusses how data may be used. This principle restricts the uses to which data may be applied and provides that unless the data subject gives consent, personal data should be only used for the purposes for which they were collected or a directly related purpose.
Principle 4 Security of personal data
This principle establishes appropriate security measures to be applied to personal data (including data in a form in which access to or processing of the data is not practicable).
Principle 5 Information to be generally available
Principle 5 provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used.
Principle 6 Access to personal data
This provides for data subjects to have rights of access to and correction of their personal data.