Dear Colleagues,

Compliance with the Personal Data (Privacy) Ordinance

The Personal Data (Privacy) Ordinance places a legal duty on the College and all staff of the College to properly handle personal data relating to any staff members and students (including both applicants and students).

Under the provisions of the Ordinance, any data subject, the person who is the subject-matter of any personal data, shall enjoy various personal data privacy rights including right of access to his/her personal data. A data user, the person who controls the collection, holding, processing, disclosure, transfer or use of personal data, has to observe the personal data privacy rights of a data subject. Both criminal and civil proceedings may be commenced in the event of any failure to comply with the Ordinance.

It should be noted that the College is liable for any breach of the Ordinance caused through any act or omission on the part of its staff concerning handling of personal data. An individual staff member may also be held personally liable for contravening the Ordinance.

Attached are the guidelines for handling applicant/student data and staff personal data. The Guidelines are available on the staff intranet.

Besides printed records, personal data include electronic data held in the computer and visual records that can be processed or retrieved. A common form of electronic data now being kept is email and we tend to keep more than necessary, sometimes without realising it. It is necessary for all of us to review on a regular basis the information that we keep with reference to the above-mentioned Guidelines in order to abide to the requirements of the Ordinance.

Reference:
- Guidelines on handling staff personal data
- Guidelines on handling applicant / student personal data

College of Professional and Continuing Education
26 June 2008