The Office of the Privacy Commissioner for Personal Data (PDPC) in Hong Kong has published new guidelines for the banking industry on how to meet its data protection obligations.
The move is the result of the increasing number of complaints against banks' privacy protection practices. Allan Chiang, Hong Kong's privacy commissioner for personal data, said in a press statement that the banking industry "has long been among the top three private sector organisations being complained against." He added that his office received 373 complaints in 2013-2014, an increase of 175 complaints during the 2012-2013 period.
"Taking into consideration the large customer database maintained by the banking industry and the sensitive nature of the personal financial information involved, we consider it appropriate to publish the Guidance Note to promote and reinforce the banking industry's compliance with the Ordinance in handling customers' personal data," he said.
Scope of guidance note
The guidance covers various data protection issues including real work situations commonly encountered by practitioners. These situations include collecting personal data from customers, sharing that information within the same banking group, disclosing customers' personal data to law enforcement agencies and financial regulators, and handling customers' data access requests.
According to PDPC's press statement, the guidance draws references from the decisions of the Administrative Appeals Boards on relevant cases. It is also based on the determinations in past complaint cases handled by the PCPD, and views from the Personal Data (Privacy) Ordinance Working Group of the Hong Kong Association of Banks.
Sign up for CIO Asia eNewsletters.