4 February, 2016
The record number of privacy complaints logged in Hong Kong can in part be tied to the fact there are a growing number of companies with business models based on using personal data, an expert has said.
Hong Kong-based data privacy specialist Paul Haswell of Pinsent Masons, the law firm behind Out-Law.com, said increased consumer awareness of the "value and risk associated with sharing personal data" is also likely to explain the rise in complaints recorded.
Haswell was commenting after The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong said it had received nearly 2,000 complaints in 2015. The 1,971 complaints received were up 16% in number on the 1,702 complaints logged with it in 2014, it said.
"An increase in complaints is likely linked to increased awareness of the value and risk associated with sharing personal data, as well as the fact that Hong Kong is seeing a considerable increase in companies seeking to obtain and leverage personal data in Hong Kong," Haswell said. "This ranges from online services seeking to obtain personal data and social media engagement in return for so-called free gifts, through to a wave of phone and online scams targeting Hong Kong citizens in order to extort money from them."
"It is interesting that although the number of complaints has increased, the action taken in response to those complaints has not," he said.
According to the PCPD, 74% of the complaints filed to it last year were made against businesses, with companies in the financial services sector the most complained about, ahead of property management companies and telecoms businesses. The PCPD said public sector or government departments were complained about in 11% of cases, and that 15% of complaints were filed against individuals.
More than three quarters of the complaints recorded by the PCPD related to either the use of personal data without consent, with 786 complaints filed on this point, or were to do with the "purpose and manner of data collection", of which there were 722 cases. Complaints about data security issues or data access or correction requests made up the majority of the remainder of cases recorded, the watchdog said.
The PCPD said that 98 data breach incidents had been reported to it during 2015, up from 70 such incidents the previous year. The 2015 data breach cases affected 871,000 people, compared to the 47,000 people affected by the incidents in 2014, it said.
The data protection authority, however, reported a drop in the number of cases in which it took enforcement action in 2015 compared to 2014. It said it had issued 17 warnings and 67 enforcement notices to organisations last year, down from 20 warnings and 90 enforcement notices issued in 2014.
Hong Kong privacy commissioner Stephen Kai-yi Wong said: "I appeal to all businesses and organisations to ensure the proper handling and disposal of personal data collected, and to take all practical steps to safeguard personal data from unauthorised or accidental access, processing, erasure, loss or use."
"To maintain as an international business centre with free flow of information, Hong Kong should keep up with the development and changes in the privacy landscape with a view to bringing our data protection policies and regulations up to date, as well as striking the right balance. Comparative researches and analyses will be our priorities in 2016 considering also the fact that the European Commission has agreed on a comprehensive data protection reform on 15 December 2015 to introduce the General Data Protection Regulation for strengthening the online privacy rights in the digital age. We will closely monitor the progress, and maintain close liaison with overseas privacy enforcement authorities," he said.
For further information, please contact:
Paul Haswell, Partner, Pinsent Masons
paul.haswell@pinsentmasons.com