The protection of privacy in relation to personal data is the concern of every person in the Equal Opportunities Commission (EOC) Office. We respect personal data and are committed to fully complying with the data protection principles and all relevant provisions of the Personal Data (Privacy) Ordinance which apply to any person (data user) that controls the collection, holding, processing or use of personal data and any person (data subject) who is the subject of such data.
Definition of Personal Data
Personal data means any data relating to a living individual from which it is practicable for the identity of the individual to be directly or indirectly ascertained and in a form in which access to or processing of the data is practicable. Personal data covers both factual information and expressions of opinions contained in any document, including documents in writing and other forms of documents, such as discs, tapes, films and other such devices.
The following data protection principles will be observed.
Kinds of Personal Data Held
- Principle 1 - Purpose and manner of collection
Personal data will be collected for a lawful purpose directly related to a function or activity of the EOC Office. Only data which is necessary for or directly related to that purpose will be collected and the EOC Office will ensure that the data are adequate but not excessive. The collection will be lawful and by fair means, and all practical steps will be taken to ensure that the data subject is informed of the purpose of its collection, whether the data subject is obliged to supply the data, the consequences of not supplying the data, the class of persons to whom the data may be transferred, the rights of the data subject to request access to and /or correction of the data and the name and address of the person to whom such request may be made.
- Principle 2 - Accuracy and duration of retention
All practical steps will be taken to ensure that personal data are accurate and up-to-date. Personal data shall not be kept longer than is necessary to fulfil the purpose (including any directly related purpose) for which the data are to be used.
- Principle 3 - Use of personal data
Data subjects are assured that without their prescribed consent, their personal data will not be used for any purpose other than the purpose designated at the time of collection or a directly related purpose.
- Principle 4 - Security of personal data
All practical steps will be taken to ensure that personal data are protected against unauthorised or accidental access, processing, erasure or other use.
- Principle 5 - Information to be generally available
All practical steps will be taken to ensure that a person can ascertain the EOC Office's policies and practices in relation to personal data, the kind of personal data held by it and the main purposes for which such data are held or are to be used.
- Principle 6 - Access to personal data
A data subject is entitled to ascertain whether the EOC Office holds his/her personal data and to request access to and/or correction of his/her personal data.
There are three broad categories of personal data held in the Equal Opportunities Commission Office. They are personal data contained in:
||Records of public enquiries & complaints related to anti-discrimination legislation, which include records containing information supplied by data subjects and data users and collected in connection with the handling of enquiries, complaints, investigations, conciliation, legal proceedings and other related activities pursuant to the EOC's statutory obligations under the relevant provisions of the Sex Discrimination Ordinance, Cap.480 ("SDO"), the Disability Discrimination Ordinance, Cap. 487 ("DDO") and the Family Status Discrimination Ordinance, Cap 527 ("FSDO").
||Personnel records,which include personal details, job particulars, details of salary, payments, benefits, performance appraisals, disciplinary matters, etc. of every person employed with the Office and of applicants to the posts of the Office.
||Other records, which include administration and operational files, papers and minutes of meetings, quotations and prices of purchased stores and equipment, proposals and contracts for services and consultancy services, etc., of which the personal identity of individuals can be ascertained.
The records described at A above are maintained by the operations division of the EOC and by the Legal Service Division. The records described at B and C above are maintained by the Planning and Administration Division of the EOC.
Main Purposes of keeping Personal Data
Personal data held in:
Access to Personal Data and Correction
- Records of public enquiries & complaints related to anti-discrimination legislationare kept for the purposes of carrying out the statutory duties, including responding to and taking follow-up action on enquiries and complaints, conducting investigations and undertaking conciliation between the parties concerned, and commencing legal proceedings and taking any enforcement action;
- Personnel records of employees are kept for human resource management purposes, relating to such matters as recruitment, appointment, benefits administration, employees' compensation, termination, performance appraisal, discipline and the like; and
- Other records are kept for various purposes which vary according to the nature of the record, such as administration of the office functions and activities, seeking advice on policy or operational matters, procurement of stores and equipment, acquisition of services, etc., and such records contain personal identifiers (e.g. minutes of meetings attributing views of individual members).
The EOC office recognises an individual's right of access to and correction of personal data in accordance with the Personal Data (Privacy) Ordinance. To ensure compliance with the Ordinance, data access and correction requests to the EOC office are handled by:
- Director(Operations) and the Chief Legal Counsel for personal data held in public records of enquiries and complaints in respect of anti-discrimination legislation in their respective areas of work, and
- Director(Planning and Administration) for personal data held in all other records.
Any request for access to personal data and correction should be made in writing to the directorate staff concerned. All requests will be promptly attended to and the response will be made no later than 40 days after its receipt. For correction requests, a written confirmation together with a copy of the corrected personal data will be provided to the requesters after correction has been made. Where a request is refused, the requester will be advised in writing of the refusal and the reason for refusal within 40 days after its receipt. Particulars of refusal to supply data, refusal to correct data and the reasons for so doing will be recorded in the respective data protection log books. The log books will be kept for at least 4 years and available for inspection by the Privacy Commissioner. Any appeal on refusals of data access and/or correction requests should be directed to the Chairperson who will advise on the appropriate action to be taken.
Exemptions to Access
The Personal Data (Privacy) Ordinance provides the following exemptions from the obligations to provide access to personal data:
- a broad exemption for personal data held for domestic or recreational purposes
- exemptions from certain employment related personal data, such as:
- personal data relating to staff planning
- personal data generated by certain evaluative processes, including a recruitment or promotion exercise, prior to a decision being taken and where an appeal can be made against such decision
- personal data in a personal reference given outside the ordinary course of occupation; where the personal reference is given on or after 20 December 1996, the exemption is only up to the time the position is filled.
- personal data of current employees provided prior to 20 December 1996 on the basis that the data subject would not have access (such exemption from right of subject access expires on 3 August 2002)
- exemptions from subject access and use of personal data where disclosure is likely to cause prejudice to certain public or social interests, such as security, defence and international relations; prevention or detection of crime; assessment or collection of any tax or duty; news activities; legal professional privilege; and health of a data subject.
The following is maintained to ensure compliance with the Personal Data (Privacy) Ordinance:
- Two log books, as provided for in section 27 of the Ordinance, be kept under lock in the Personnel Section of the EOC office as follows:
- one in respect of refusals of data access and/or data correction requests in relation to personal data held in records of public enquiries and complaints related to anti-discrimination legislation
- one in respect of refusals of data access and/or data correction requests in relation to personal data held in all other records
- Internal operating procedures dealing with the handling of enquiries and complaints from the public related to anti-discrimination legislation, which include procedures for compliance with the Personal Data (Privacy) Ordinance and Internal guidelines on dealing with Personal Data in relation to all other areas. The first document is available to and for use by staff in the operation divisions while the second document is available to and for use by personnel and administrative staff.
- Data Request Form (click to download the form) for ascertaining personal data and data access/correction requests of personal data held by the EOC office
The EOC Office will charge for each request made under the Personal Data (Privacy) Ordinance for ascertaining personal data held and access / correction to personal data kept in the office as follows:
|Processing fee :
||$50 per request
|Photocopying charges :
||$2.5 per page
The initial processing fee is non-refundable and payment is required when data request is made. Photocopies of the data requested will only be provided upon payment of charges. The requester will be advised in advance of the charges.
Issued in Sep 1999
Revised in Jul 2006