CONFIDENTIAL ##
機密
11
22.
It appears to the Working Group that without. comprehensive legislation, there are two possible "authorities" that could be designated to receive complaints and take on responsibility for general surveillance of compliance with the Data Protection Code of Practice and investigation of complaints so far as that would be possible without comprehensive legislation. One is the Consumer Council, which would require minor amendments to the Consumer Council Ordinance (Cap. 216), and the other is a designated officer within the Administrative Services and Information Branch. The Consumer Council's impartiality and independence would be likely to be favoured by the private sector. Another authority which has been considered by the Working Group is the Government Data Processing Agency which has the expertise in computer applications. However, since some of the complaints may relate to Government computer systems for which the Agency could be held responsible and its impartiality could therefore be questioned with regard to those complaints, the Working Group considers that the designation of the Agency in this role may not be entirely appropriate.
Summary of the Working Group's Recommendations
23.
To summarize, the Working Group recommends that :-
(a)
(b)
(c)
(a)
the principles and guidelines already endorsed for use within the public sector be suitably amended and published as a Data Protection Code of Practice and the private sector be invited to comply with the same (paragraph 21);
both the guidelines and the Data Protection Code of Practice be reviewed one year after this report is endorsed and implemented by Government (paragraphs 8 and 21);
the applicability and effectiveness of the guidelines and principles adopted by Government Departments and the Data
Protection Code of Practice recommended for adoption by the private sector be kept under constant review with a view to ascertaining whether there is a need to introduce legislation (paragraph 21);
an appropriate authority should be designated by Government to receive complaints of non-compliance with the recommended guidelines (for Government Departments) or the Data Protection Code of Practice (for the private sector) and to
CONFIDENTIAL
機密
No comments yet.
Private notes are available after approval.