From the Office of the Privacy Commissioner for Data Protection of Hong Kong:
The 2015 District Council Election will be held on 22 November. The Office of the Privacy Commissioner for Personal Data (“PCPD”) reminds candidates and their election agents to comply with the Personal Data (Privacy) Ordinance (the “Privacy Ordinance”) when collecting and using personal data in electioneering activities.
From the beginning of 2012 to August 2015, the PCPD has received 97 enquiries and 200 complaints relating to electioneering activities. In most of the cases, the complainants were dissatisfied that their personal data was used in electioneering activities without their consent. The PCPD has updated its Guidance Note on Electioneering Activities (the “Guidance Note”) to provide candidates and/or their election agents with practical guidance on compliance with the requirements under the Ordinance.
When engaging a third party in electioneering to process the personal data of voters, candidates and election agents must use contractual or other means to ensure that:
a) any personal data transferred to the data processor is not kept longer than is necessary;
b) the personal data is not used for a purpose other than the one for which the data was collected; and
c) reasonable and practicable steps are implemented to protect the personal data from unauthorised or accidental access, processing, erasure, loss or use.
Meanwhile, the PCPD reminds election candidates that they:
i) should collect adequate but not excessive personal data for electioneering purpose (e.g. Hong Kong Identity Card number should not be collected);
ii) should not collect personal data by deceptive means or by mis-representing the purpose of the collection (e.g. collecting personal data in the pretext of opinion poll or assisting citizens to apply for government welfare);
iii) should, before using personal data from sources other than the voter register for electioneering purpose, obtain express, voluntary and well-informed consent from the data subjects (e.g. the registered voters);
iv) should ensure security of personal data collected and guard against accidental or unauthorised access by unrelated parties; and
v) should destroy the personal data after completion of all the electioneering activities.
The updated Guidance Note will be sent to candidates of District Council Election. It can also be downloaded from the PCPD’s website (www.pcpd.org.hk/english/resources_centre/publications/files/electioneering_en.pdf); a copy of which could be obtained from the PCPD office (12/F, Sunlight Tower, 248 Queen’s Road East, Wan Chai, Hong Kong).