Page:Improper Collection, Retention, Use and Storage of Personal Data of Residents and Visitors by Property Management Companies.pdf/5

From Wikisource
Jump to navigation Jump to search
This page has been proofread, but needs to be validated.

Creative Property Services Contravened DPP4(1)

  1. DPP4(1) of Schedule 1 to the Ordinance stipulates that all practicable steps shall be taken to ensure that any personal data held by a data user should be protected against unauthorised or accidental access, processing, erasure, loss or use.
  2. Regarding the use of a common form to acknowledge receipt of masks, the Commissioner was of the view that Creative Property Services would have been able to prevent irrelevant persons from accessing the personal data by properly covering the personal data or using individual forms for registration, as well as providing proper training for frontline staff before the mask distribution activity had taken place. Regarding the alleged placing in public of the Receipt Record in the paper box beside the work desk, from the photo provided by the complainant, the Receipt Record had indeed been placed beside the work desk and the personal data therein could be clearly seen by passers-by.
  3. Having considered the above, the Commissioner was of the view that Creative Property Services had not taken all practicable steps to protect the residents' personal data in the Receipt Record against unauthorised or accidental access, processing, erasure, loss or use, in such a way that the requirements of DPP4(1) as regards security of personal data had been contravened.

Enforcement Action

  1. The Commissioner has served an Enforcement Notice on Creative Property Services directing it to confirm destruction of the residents' personal data collected during the mask distribution activity, and to formulate guidelines on setting the retention period of personal data collected. Moreover, Creative Property Services shall, through circulars and/or routine instructions, request its staff to strictly follow the instructions in processing personal data, and remind them to properly handle and keep the documents or records containing personal data.
  2. Moreover, the Commissioner has also directed Creative Property Services to include the above guidelines and instructions in staff training to enhance their awareness of personal data protection, and conduct effective and regular monitoring to ensure ongoing implementation of and compliance

5

Retrieved from "https://en.wikisource.org/w/index.php?title=Page:Improper_Collection,_Retention,_Use_and_Storage_of_Personal_Data_of_Residents_and_Visitors_by_Property_Management_Companies.pdf/5&oldid=13468898"