Hong Kong needs to plug its privacy loopholes
Privacy has received unprecedented public attention worldwide as a result of the Edward Snowden saga last year. Coincidentally, the Privacy Commission in Hong Kong also had a busy year. The office was flooded with a record number of complaints, and more warnings and enforcement notices issued than before. While the increase may stem from stronger public awareness, it also shows privacy protection still leaves a lot to be desired.
The 48 per cent jump to 1,792 complaints last year was attributed to tightened rules about direct marketing. This came after controversies sparked by the Octopus Card company, which sold the personal data of more than a million customers for direct marketing purposes. The watchdog also referred 20 cases to the police for possible prosecution, the majority of which were marketing-related. The surge suggests companies have yet to give serious attention to the problem. As the commissioner rightly urged, better efforts are needed to make privacy protection part of corporate governance responsibility.
As our daily life becomes increasingly dependent on new technologies, the risk of privacy breaches also increases. Sadly, statutory protection and safeguards are still far from adequate. An obvious loophole is the lack of regulation for cross-border transfer of personal data. It is baffling that the provision seeking to prevent the transfer of data to jurisdictions without sufficient privacy protection has still not been put into force over the past 19 years. As urged by the watchdog, the provision should be enforced as soon as possible or Hong Kong's status as a financial and regional information hub will be undermined.