The Consumer Council (CC), the Independent Commission Against Corruption (ICAC), Office of the Privacy Commissioner for Personal Data (PCO) and the Office of the Telecommunications Authority (OFTA) today jointly issued the first-ever Code of Practice on Protection of Customer Information for Fixed and Mobile Service Operators (COP).
"The publication of the COP, which serves as a general guidance for fixed and mobile service operators, marks the enhanced efforts and collaboration of the four organizations towards promoting the importance of protection of customer information and interests," an OFTA spokesperson said.
"In the course of business and provision of services, fixed and mobile service operators collect a large volume of customer personal data. The data, which include customers' telephone numbers, residential addresses and details of call history, may be sensitive in certain circumstances and of value if used for illicit purposes It is therefore necessary to ensure that data relating to customers are properly protected from misuse," the spokesperson said.
The voluntary COP has set out some good practices that should be adopted by fixed and mobile service operators to prevent unauthorized disclosure of customer information.
They cover various issues including ethics and data privacy policy, data classification policy, access control policy, technical measures for protection of customer personal data, location security, staff security and transfer of customer personal data.
"The implementation of data protection policies and measures would safeguard customers' personal data privacy, as well as minimize contravention of the requirements of the Personal Data (Privacy) Ordinance, which in turn helps to build a trustful relationship between service operators and their customers," a spokesman of PCO said.
However, the good practices outlined in the COP are not exhaustive. Fixed and mobile service operators may adopt other standards and measures which can provide reasonably sufficient protection to customer information.
Apart from complying with the requirements of the Personal Data (Privacy) Ordinance, all fixed and mobile service operators are also obliged under the existing telecommunications licence conditions to protect their customer information and should not disclose the information without the consent of the customer for purposes other than those related to the provision of services.
"In a highly competitive market, consumers should exercise their right to choose the service operators who adopt the COP, and through their choice to ensure a high level of standard and put in place the security measure to protect customer privacy," a spokesman of Consumer Council urged.
An ICAC spokesperson also warned that any staff of service operators who solicits or accepts advantages to release customers' information will be in breach of the Prevention of Bribery Ordinance.
"As reputable and responsible fixed and mobile service operators, they should rigorously pursue effective security measures to protect customer information and report suspected corruption to the ICAC," the spokesperson added.
Full text of the COP can now be downloaded from the web sites of :
Consumer Council ( http://www.consumer.org.hk )
ICAC ( http://www.icac.org.hk )
PCO ( https://www.pco.org.hk ) and
OFTA ( http://www.ofta.gov.hk )
Jointly Issued by
Consumer Council
Independent Commission Against Corruption
Office of the Privacy Commissioner for Personal Data
Office of the Telecommunications Authority