香港个人资料私隐专员公署(下称「私隐专员公署」)负责监督《个人资料(私隐)条例》(香港法例第486章)(下称「《私隐条例》」)的执行情况,该条例旨在保障与个人资料有关的个人私隐。
根据政制事务委员会最近于2024年2月19日的会议上就私隐专员公署的工作所发出的背景资料简介,私隐专员公署现正研究进一步修订《私隐条例》以加强对个人资料的保护。
拟议的修订内容包括设立强制性资料外泄通报机制、要求资料使用者制订个人资料保留时限政策及赋予私隐专员公署判处行政罚款的权力。一旦完成具体草案的拟定后,便将会征询政制事务委员会的意见。
以下摘要重点介绍了《私隐条例》中与私隐专员公署所提出的修订建议有关的一些关键点。
Proposed Enhancement of Data Privacy Protection under the Personal Data (Privacy) Ordinance (the “PDPO”)
The Office of the Privacy Commissioner for Personal Data, Hong Kong (the “PCPD”) oversees the enforcement of the Personal Data (Privacy) Ordinance (Chapter 486 of the laws of Hong Kong) (the “PDPO”), which protects individuals’ privacy in relation to personal data.
According to a recent meeting of the Panel on Constitutional Affairs on 19 February 2024 regarding background brief on the work of the PCPD, the PCPD is studying further amendments to the PDPO to enhance personal data protection.
The proposed amendments include establishing a mandatory data breach notification mechanism, requiring data users to have a data retention period policy and giving PCPD the power to impose administrative fines. The Panel on Constitutional Affairs will be consulted once a concrete proposal is formulated.
The summary below highlights some of the key aspects of the PDPO in relation to the proposed amendments advised by the PCPD.