It is very common for employers to install some forms of employee monitoring devices in the work place, e.g. hidden video cameras, surveillance software in respect of the usage of email and access to the Internet as well as the recording of telephone calls. As more and more employees are being monitored at work, some argue that these surveillance activities constitute an intrusion into an individual’s privacy rights.
Under Hong Kong law, the Personal Data (Privacy) Ordinance ("Ordinance") protects the privacy of individuals in relation to personal data, being any data (i) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable.
Pursuant to section 12 of the Ordinance on 8 March 2002, the Office of the Privacy Commissioner issued a draft Code of Practice on Monitoring and Personal Data Privacy at Work ("Code") to seek public views on matters relating to employee monitoring. The purpose of the Code was to provide guidance to employers who engage in practices that monitor and record the activities and behaviour of employees at work. In order to comply with the data protection principles stipulated in the Ordinance, the Code was also based on the following 2 principles :-
The Principle of Proportionality
An employer should ensure that the level of employee monitoring is proportional to the benefits of monitoring to a reasonable employer. Therefore, any employee monitoring should be targeted and applied on a limited duration basis.
The Principle of Transparency
An employer must inform employees in writing of the monitoring devices to be adopted at work so that they understand what data is to be collected and the purposes of such collection.
The public consultation lasted for 3 months until :-)une 2002 and 71 written submissions were received from individuals, employers from both private and public sectors and representative associations. In response to the Code, there was a broad expression of opinion ranging from strong support to strong opposition. Respondents who were mainly employer groups opposed the Code by arguing that employers have the right to monitor employees in order to protect their property, prevent theft and assist in service quality and management of productivity. Further, compliance with the Code might incur additional costs and impose a burden upon employers. On the other hand, individuals, the private sector and professional bodies tended to support the Code as more transparency in the work place would be beneficial to an employer-employee relationship.
New Guidelines to be Issued
In order to balance the legitimate business needs of employers and the personal data privacy interests of employees, after more than a year of consultation and discussions, the Commissioner decided on 18 December 2003 to develop guidelines on the subject of employee monitoring pursuant to section 8(5) of the Ordinance instead of a binding Code. According to the Report on the Public Consultation in relation to the Code, the issuance of guidelines can produce a set of fair personal data management practices pertaining to work place monitoring for the benefit of employers, employees and the general public. We believe that this is significant for employers as non-compliance with a Code could be regarded as a breach of the law and subject to prosecution.
The preference for issuing guidelines provides employers flexibility and discretion in the monitoring and investigating of any abuses or wrongdoings committed by employees. The guidelines will only be regarded as a model which can be modified to suit the specific needs of employers who will have the right to adopt them or not.
The guidelines proposed by the Commissioner will emphasize the principles of the Code which requires employers to be transparent and accountable for the monitoring practices they adopt in the work place. This ensures employees are clearly informed of the monitoring practices and intentions so that their personal data privacy rights can be adequately protected.
The Commissioner plans to publish the guidelines within this year and we will inform our clients when they appear. Members of our firm will be happy to provide a copy of the Report on the Public Consultation on the Code on request.
The content of this article is intended to provide a general guide
to the subject matter. Specialist advice should be sought about your
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On 12 August 2016, the Cyberspace Administration of China (CAC), the General Administration of Quality Supervision, the Inspection and Quarantine of China (GAQSIQ), and the Standardisation Administration of China (SAC) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the "Guidelines").
On July 21, the Personal Data Protection Commission ("PDPC") imposed a $5,000 fine on Toh-Shi Printing Singapore for its failure to implement proper and adequate verification procedures...
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).