- with the above guidelines and instructions, and prevent recurrence of similar contravention of the Ordinance.
Investigation Case (3): H-Privilege Limited Disclosed a Resident's Phone Number to Another Resident Without Consent
Case Background
- The complainant was a resident of Parker 33 in Shau Kei Wan, which was managed by H-Privilege Limited (H-Privilege). On 14 July 2021, the complainant received a call from another resident to whom he had never given his phone number. The resident told the complainant that he had obtained the complainant's phone number from a security guard of Parker 33.
Investigation Findings and Contraventions
H-Privilege Contravened DPP3(1)
- DPP3(1) and (4) of Schedule 1 to the Ordinance stipulates that personal data, without the express and voluntary consent of the data subject, shall only be used (including disclosed or transferred) for the purpose for which the data was to be used at the time of the collection of the data, or a purpose directly related to the purpose.
- In the present case, the security guard in this case failed to abide by H-Privilege's established policy on the handling of personal data, and disclosed the complainant's phone number to the resident concerned without obtaining prior authorisation of staff at manager level or above and/or the complainant's consent. Moreover, the Commissioner was of the view that the complainant gave his phone number to H-Privilege at the outset for communication about property management. The security guard's disclosure of the complainant's phone number to the resident concerned for private communication was a significant deviation from the purpose of use for which the complainant had consented to, and was also inconsistent with H-Privilege's original purpose of collection.
- Hence, the Commissioner found that H-Privilege had contravened the requirements of DPP3(1) as regards the use of personal data.
6
