Hong Kong Ordinances
[Index]
[Table]
[Search]
[Notes]
[Noteup]
[Download (Current & Past)]
[Download (Current only)]
[繁體中文]
[Help]
PERSONAL DATA (PRIVACY) ORDINANCE - SECT 2
Interpretation
Caution: This is a past version. See the current version here.
(1) In this Ordinance, unless the context otherwise requires- "act" (作為)
includes a deliberate omission; "adverse action" (不利行動), in relation
to an individual, means any action that may adversely affect the individual's
rights, benefits, privileges, obligations or interests (including legitimate
expectations); "appointed day" (指定日) means the day appointed under
section 1(2); "approved code of practice" (核准實務守則) means a
code of practice approved under section 12; "code of practice" (實務守則)
includes-
(a) a standard;
(b) a specification; and
(c) any other documentary form of practical guidance; "Commissioner"
(專員) means the Privacy Commissioner for Personal Data established
under section 5(1); "Committee" (諮詢委員會) means the
Personal Data (Privacy) Advisory Committee established under
section 11(1); "complainant" (投訴人) means the individual, or the
relevant person on behalf of an individual, who has made a complaint;
"complaint" (投訴) means a complaint under section 37; "correction"
(改正), in relation to personal data, means rectification, erasure
or completion; "daily penalty" (每日罰款) means a penalty for each
day on which the offence is continued after conviction therefor;
"data" (資料) means any representation of information (including an
expression of opinion) in any document, and includes a
personal identifier; "data access request" (查閱資料要求) means
a request under section 18; "data correction request"
(改正資料要求) means a request under section 22(1); "data
protection principle" (保障資料原則) means any of the
data protection principles set out in Schedule 1; "data subject"
(資料當事人), in relation to personal data, means the individual
who is the subject of the data; "data user" (資料使用者), in
relation to personal data, means a person who, either alone or jointly
or in common with other persons, controls the collection, holding,
processing or use of the data; "data user return"
(資料使用者申報表) means a data user return referred to in
section 14(4); "disclosing" (披露), in relation to personal data,
includes disclosing information inferred from the data; "document"
(文件) includes, in addition to a document in writing-
(a) a disc, tape or other device in which data other than visual images
are embodied so as to be capable, with or without the aid of some
other equipment, of being reproduced from the disc, tape or other
device; and
(b) a film, tape or other device in which visual images are embodied so as
to be capable, with or without the aid of some other equipment, of
being reproduced from the film, tape or other device; "employment"
(僱用) means employment under-
(a) a contract of service or of apprenticeship; or
(b) a contract personally to execute any work or labour, and related
expressions shall be construed accordingly; "enforcement notice"
(執行通知) means a notice under section 50(1); "financial
regulator" (財經規管者) means any of-
(a) the Monetary Authority appointed under section 5A of the
Exchange Fund Ordinance ( Cap 66);
(b) the Securities and Futures Commission established by section 3 of the
Securities and Futures Commission Ordinance ( Cap 24);
(c) a clearing house within the meaning of section 2(1) of the
Commodities Trading Ordinance ( Cap 250) or a recognized clearing
house within the meaning of the
Securities and Futures (Clearing Houses) Ordinance ( Cap 420);
(d) the Exchange Company within the meaning of section 2(1) of the
Commodities Trading Ordinance ( Cap 250);
(e) the Exchange Company within the meaning of section 2(1) of the
Stock Exchanges Unification Ordinance ( Cap 361);
(ea) a recognized exchange controller within the meaning of section 2 (1)
of the Exchanges and Clearing Houses (Merger) Ordinance ( Cap 555);
(Added 12 of 2000 s. 23)
(f) the Insurance Authority appointed under section 4 of the
Insurance Companies Ordinance ( Cap 41);
(g) the Registrar of Occupational Retirement Schemes appointed under
section 5 of the Occupational Retirement Schemes Ordinance ( Cap 426);
(ga) the Mandatory Provident Fund Schemes Authority established by
section 6 of the Mandatory Provident Fund Schemes Ordinance (
Cap 485); (Added 4 of 1998 s. 14)
(h) a person specified in a notice under subsection (7) to be a regulator
for the purposes of this definition; "inaccurate" (不準確), in
relation to personal data, means the data is incorrect, misleading,
incomplete or obsolete; "inspection" (視察) means an inspection
under section 36; "investigation" (調查) means an investigation
under section 38; "log book" (紀錄簿), in relation to a data user,
means the log book kept and maintained by the data user under
section 27(1); "matching procedure" (核對程序) means any procedure
whereby personal data collected for 1 or more purposes in respect of
10 or more data subjects are compared (except by manual means) with
personal data collected for any other purpose in respect of those
data subjects where the comparison-
(a) is (whether in whole or in part) for the purpose of producing or verifying
data that; or
(b) produces or verifies data in respect of which it is reasonable to
believe that it is practicable that the data, may be used (whether
immediately or at any subsequent time) for the purpose of taking
adverse action against any of those data subjects; "matching procedure
request" (核對程序要求) means a request under section 31(1);
"personal data" (個人資料) means any data-
(a) relating directly or indirectly to a living individual;
(b) from which it is practicable for the identity of the individual to be
directly or indirectly ascertained; and
(c) in a form in which access to or processing of the data is practicable;
"personal data system" (個人資料系統) means any system, whether
or not automated, which is used, whether in whole or in part, by a
data user for the collection, holding, processing or use of
personal data, and includes any document and equipment forming part of
the system; "personal identifier" (個人身分標識符) means an
identifier-
(a) that is assigned to an individual by a data user for the purpose of
the operations of the user; and
(b) that uniquely identifies that individual in relation to the data user,
but does not include an individual's name used to identify that
individual; "practicable" (切實可行) means reasonably practicable;
"prescribed officer" (訂明人員) means a person employed or engaged
under section 9(1); "processing" (處理), in relation to
personal data, includes amending, augmenting, deleting or rearranging
the data, whether by automated means or otherwise; "register"
(登記冊) means the register of data users kept and maintained by
the Commissioner under section 15(1); "relevant data user"
(有關資料使用者), in relation to-
(a) an inspection, means the data user who uses the personal data system
which is the subject of the inspection;
(b) a complaint, means the data user specified in the complaint;
(c) an investigation-
(i) in the case of an investigation initiated by a complaint, means
the data user specified in the complaint;
(ii) in any other case, means the data user the subject of the
investigation;
(d) an enforcement notice, means the data user on whom the notice is
served; "relevant person" (有關人士), in relation to an individual
(howsoever the individual is described), means-
(a) where the individual is a minor, a person who has parental
responsibility for the minor;
(b) where the individual is incapable of managing his own affairs, a
person who has been appointed by a court to manage those affairs;
(c) in any other case, a person authorized in writing by the individual to
make a data access request, a data correction request, or both such
requests, on behalf of the individual; "requestor" (提出要求者),
in relation to-
(a) a data access request or data correction request, means the
individual, or the relevant person on behalf of an individual, who has
made the request;
(b) a matching procedure request, means the data user who has made the
request; "specified" (指明), in relation to a form, means specified
under section 67; "third party" (第三者), in relation to
personal data, means any person other than-
(a) the data subject;
(b) a relevant person in the case of the data subject;
(c) the data user; or
(d) a person authorized in writing by the data user to collect, hold,
process or use the data-
(i) under the direct control of the data user; or
(ii) on behalf of the data user; "use" (使用), in relation to
personal data, includes disclose or transfer the data; "would
be likely to prejudice" (相當可能損害) includes would
prejudice.
(2) For the avoidance of doubt, it is hereby declared that paragraph (c) of
the definition of "relevant person" shall not be construed-
(a) to entitle a person who has only been authorized to make a data
access request on behalf of an individual to make a data correction
request on behalf of the individual;
(b) to entitle a person who has only been authorized to make a data
correction request on behalf of an individual to make a data access
request on behalf of the individual.
(3) Where under this Ordinance an act may be done with the prescribed consent
of a person (and howsoever the person is described), such consent-
(a) means the express consent of the person given voluntarily;
(b) does not include any consent which has been withdrawn by notice in
writing served on the person to whom the consent has been given (but
without prejudice to so much of that act that has been done pursuant
to the consent at any time before the notice is so served).
(4) Subject to section 64(10), it is hereby declared that any reference in
this Ordinance to the effect that a data user (howsoever described)-
(a) has contravened a requirement under this Ordinance; or
(b) is contravening a requirement under this Ordinance, includes-
(i) where paragraph (a) is applicable, any case where the data user
has done an act, or engaged in a practice, in contravention of
a data protection principle;
(ii) where paragraph (b) is applicable, any case where the data
user is doing an act, or engaging in a practice, in
contravention of a data protection principle.
(5) Notwithstanding any other provisions of this Ordinance, a complaint may be
made (and an investigation, if any, initiated by the complaint may be carried
out) in relation to a person who has ceased to be a data user except any such
person who has not at any time been a data user during the period of 2 years
immediately preceding the date on which the Commissioner receives the
complaint and, accordingly, a person in relation to whom such a complaint is
made shall for the purposes of such complaint (and an investigation, if any,
initiated by such complaint) be deemed to be a data user, and the other
provisions of this Ordinance shall be construed accordingly.
(6) Any reference in this Ordinance to a data protection principle followed by
a number is a reference to the principle bearing that number set out in
Schedule 1.
(7) The Chief Executive may, by notice in the Gazette, specify a person to be
a regulator for the purposes of the definition of "financial regulator".
(Amended 34 of 1999 s. 3)
(8) It is hereby declared that a notice under subsection (7) is subsidiary
legislation.
(9) Where a person-
(a) holds any office, engages in any profession or carries on any
occupation; and
(b) is required by any law, or by any rules made under or by virtue of any
law, to be a fit and proper person (or words to the like effect) to
hold that office, engage in that profession or carry on that
occupation, then, for the purposes of this Ordinance, any conduct by
that person by virtue of which he ceases, or would cease, to be such a
fit and proper person shall be deemed to be seriously improper
conduct.
(10) Subsection (9) shall not operate to prevent seriously improper conduct
including, for the purposes of this Ordinance, conduct by virtue of which a
person ceases, or would cease, to be a fit and proper person notwithstanding
that the conduct is not conduct to which that subsection applies.
(11) Words and expressions importing the neuter gender in relation to any
data user shall include the masculine and feminine genders.
(12) A person is not a data user in relation to any personal data which the
person holds, processes or uses solely on behalf of another person if, but
only if, that first-mentioned person does not hold, process or use, as the
case may be, those data for any of his own purposes.
(13) For the avoidance of doubt, it is hereby declared that, for the purposes
of this Ordinance, any conduct by a person by virtue of which he has or could
become a disqualified person or a suspended person under the Rules of Racing
and Instructions by the Stewards of the Hong Kong Jockey Club, as in force
from time to time, is seriously improper conduct. (Amended 34 of 1999 s. 3)
(Enacted 1995) "act" (作為) "adverse action" (不利行動) "appointed day"
(指定日) "approved code of practice" (核准實務守則) "code of
practice" (實務守則) "Commissioner" (專員) "Committee" (諮詢委員會)
"complainant" (投訴人) "complaint" (投訴) "correction" (改正) "daily
penalty" (每日罰款) "data" (資料) "data access request"
(查閱資料要求) "data correction request" (改正資料要求) "data
protection principle" (保障資料原則) "data subject" (資料當事人)
"data user" (資料使用者) "data user return" (資料使用者申報表)
"disclosing" (披露) "document" (文件) "employment" (僱用) "enforcement
notice" (執行通知) "financial regulator" (財經規管者) "inaccurate"
(不準確) "inspection" (視察) "investigation" (調查) "log book"
(紀錄簿) "matching procedure" (核對程序) "matching procedure request"
(核對程序要求) "personal data" (個人資料) "personal data system"
(個人資料系統) "personal identifier" (個人身分標識符)
"practicable" (切實可行) "prescribed officer" (訂明人員) "processing"
(處理) "register" (登記冊) "relevant data user" (有關資料使用者)
"relevant person" (有關人士) "requestor" (提出要求者) "specified"
(指明) "third party" (第三者) "use" (使用) "would be likely to
prejudice" (相當可能損害)
[Index]
[Table]
[Search]
[Notes]
[Noteup]
[Download (Current & Past)]
[Download (Current only)]
[繁體中文]
[Help]