Most Read Contributor in Hong Kong, September 2016
By David Ellis (partner) and Stephen Bureaux
Originally published in June 2002.
On 17 June 2002, the Office of the Telecommunications Authority,
acting in collaboration with the Consumer Council, the Independent
Commission Against Corruption and the Office of the Privacy
Commissioner for Personal Data, issued the Code to help ensure that
data held by the Fixed and Mobile Telecommunications service
operators, are properly protected from misuse.
The Code is voluntary and seeks to set out best practice
standards for operators regarding to the various obligations in
relation to personal data contained in the Personal Data (Privacy)
Ordinance ("PDO"), the Prevention of Bribery Ordinance
("PBO"), and the operators' telecommunications
The authorities involved recognise that in the course of their
business and provision of services, fixed and mobile
telecommunications service operators collect a large volume of
customer personal data including a customer's telephone number,
residential address and details of customer call history, which
data may be sensitive in certain circumstances.
The Code sets out good practice for preventing unauthorised
disclosure of customer information by the operator's staff, and
serves as general guidance for the operators to set their standards
and measures in respect of the protection of customer information.
The Code, although it is drafted with the various legal obligations
contained in the PDO, PBO and the licences in mind, is not
exhaustive with respect to those obligations. Operators must also
ensure their compliance with any additional legal obligations not
covered by the Code.
The structure of the Code is first to identify five overall
"good practices" which should be adopted in order to
prevent unauthorised disclosure of Customer Personal Data. These
The establishment and following of a Policy of Protection of
Customer Personal Data.
The implementation of Technical Measures for the Protection of
Customer Personal Data.
Ensuring adequate Location Security.
Ensuring adequate Staff Security.
Satisfactory procedures for the transfer of Customer Personal
The Code then recommends more detailed good practice policies in
respect of each area, including technical methods of data
protection such as encryption and password protected access
control, and non-technical methods such as physical security, staff
training and staff supervision.
The Code is voluntary in nature, but it is hoped by the
authorities involved that consumers would exercise their right to
choose operators who adopt the Code, thus encouraging compliance.
In addition, according to section 13 of the PDO, in any legal
proceedings where a contravention of the PDO is alleged to which
the Code is relevant, then failure to comply with the Code will be
admissible as evidence proving such contravention.
The original email legal update is copyright Johnson
Stokes & Master at the date written first above. All rights
reserved. This publication provides information and comments on
legal issues and developments of interest to our clients and
friends. The foregoing is intended to provide a general guide to
the subject matter and is not intended to provide legal advice or a
substitute for specific advice concerning individual situations.
Readers should seek legal advice before taking any action with
respect to the matters discussed herein. Please also read the JSM
legal publications Disclaimer.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
An actuarial review of the Invensys Australia Superannuation Fund showed it to be in surplus to the tune of $189.2 million. In mid 2003, the Invensys Group proposed to the trustee that the surplus be repatriated to the principal employer in the group.
As per a 2015 survey by Nasscom (the National Association of Software and Service Companies) India has paved the way to secure the third position in the world with three to four startups emerging every day, primarily in the areas of e-commerce, consumer services and aggregators.
The NSW Supreme Court held that the accountant was not liable for the investment losses suffered by its client.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).