Data Privacy and Protection
What Are Personal Information and Privacy?
Personal information is data:
- That relates to a living individual,
- That is practicable to identify a living individual, and
- That is in a practicable form in which one can access to or process of.
Simply put, names, student cards, academic transcripts, Hong Kong Identity cards, employment contracts medical records are all regarded as personal information. The University collects and keeps certain personal information from its members, but this identifiable information will not be sold to a third party unless prior consent is obtained.
Six Data Protection Principles
The Personal Data (Privacy) Ordinance (the Ordinance) is a law that protects an individual’s personal data and privacy. Under the Ordinance, a data user is defined as “a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of the data.” A data subject is defined as “a person in relation to personal data.” In the University, staff or student members will be regarded as data users if they process or hold any personal identifiable information, and individuals from which such information is collected are regarded as data subject. The University requires its data users to handle such information with care and precaution, and provides regular training to its data users and subjects to stayed informed.
The Ordinance is composed of six Data Protection Principles. These Principles are:
1.Data Collection Principle
This principle is to ensure that one’s personal data must be collected without violation of the law. The purpose of collecting such information is directly related to a function or activity of the data user. Only enough but not excessive amount of data should be collected.
2.Accuracy & Retention Principle
For storage of one’s personal information, practicable measures should be employed to make sure that the information is accurate and not kept longer than necessary.
3.Data Use Principle
One’s personal information shall only be used for the purpose it was collected for. Prior consent must be obtained if one’s personal information will be used for purposes different from its original collection.
4.Data Security Principle
Adequate security measures must be taken to prevent one’s personal data from unauthorized access, unintended erasure, loss or misuse.
The University must provide transparency to its members about the personal information it keeps and the purposes it collects the information for.
6.Data Access and Correction
The Ordinance requires the University to ensure that its student and staff members have rights to access to and correct their personal information. Student and staff members of the University can request to make changes to their personal information.