GF 323
CONFIDENTIAL
- 6 ·
機密
computer data without authority in a range of contexts. The main drawback with the self-regulatory approach is that the enforcement of the legislation is left to the individual in seeking redress through the courts. Further, compliance with the detailed statutory regulations is time-consuming and expensive for the data user. The average man in Hong Kong is likely to find the prospect of commencing a civil action to enforce his data protection rights daunting.
14.
The compulsory compliance approach
This approach, adopted in Britain, is one of positive registration. It involves the enactment of legislation and the appointment of a supervisory authority to oversee the workings of the legislation. Under the UK legislation, it is a statutory requirement for all users of data systems which automatically process information relating to identifiable individuals to register with the Data Protection Registrar. If data users fail to register, or if the Registrar refuses to accept an application for registration, data users commit a criminal offence if they continue to process personal data in their possession. The system is very comprehensive and is aimed at preventing personal data from being mishandled through inaccuracy, loss, or unauthorized disclosure to third parties. However, albeit comprehensive, the system is at the same time extremely cumbersome and has attracted considerable criticism. In the current situation of inexpensive and very widespread computer applications, the machinery which must be required to support the efficient functioning of the Registrar will amount to a bureaucracy of its own. Moreover, the cost to be incurred in the conversion of existing computer systems to comply with data protection legislation is likely to be very substantial. The Working Group is advised that if the Hong Kong Government was to comply with the Seventh Principle alone, the costs likely to be incurred for the conversion work would amount to $5 million. This covers staff costs for amending programmes only and does not include other costs such as computer hardware, stationery, staff support, etc. In the case of a multi-national bank, the Working Group is advised, the cost for conversion of its computer system could possibly be in the region of $100 million.
15.
Apart from these implications, there are also other arguments against this approach. First, the Government has been successful in pursuing a policy of not intervening in private sector matters unless absolutely necessary. The implementation of data protection legislation, therefore, goes against this trend. total compliance with such legislative requirements would
Second,
CONFIDENTIAL
機密
No comments yet.
Private notes are available after approval.