Organisation engaging in direct marketing is not only required to have clear policies but should also train its employees on legal requirements to comply with the Data Protection law else it is convicted of violation of PDPA. Interesting judgement by Hongkong Courts on abuse of personal data

-






Image result for data privacyLANDMARK CASE FOR ABUSE OF PERSONAL DATA
SEPTEMBER 2015


In a landmark decision, the Hong Kong Magistrates' Court convicted Hong Kong Broadband Network ("HKBN") of a criminal offence for failing to comply with the direct marketing provisions of the Personal Data (Privacy) Ordinance ("PDPO").

BACKGROUND
The facts of the case are quite unremarkable. It is the decision and - what it means for consumer businesses in Hong Kong - that is noteworthy. A broadband customer received a voicemail from HKBN, reminding him about his contract termination date and offering new service packages. The individual had sent a direct marketing opt-out request to the company, which had been acknowledged by the company in writing. The individual made a complaint to the Privacy Commissioner for Personal Data ("Commissioner"), alleging a breach of the PDPO. The relevant provision is section 35G(3) which requires a data user to cease using an individual's personal data in direct marketing upon that individual's request. Failure to do so is an offence.
The Court did not accept HKBN's defence that the phone call was a "service related call" and necessary to inform the client about his contract coming to an end.
Image result for data privacyThe Court was also not convinced that the precautionary steps taken by HKBN to prevent violations of the PDPO were sufficient to exonerate the company. Those measures included training new staff on legal requirements, amending the client handbook and randomly monitoring two phone calls by employees every week.
The Court convicted the company and imposed a fine of HK$ 30,000.



SIGNIFICANCE OF THE CASE

That HKBN was taken to court and fined for what it might have considered a relatively minor offence, demonstrates the firm approach being taken by the Commissioner, the Police and the Department of Justice in relation to direct marketing.  Enforcement measures will not necessarily depend upon financial loss or other harm being suffered, nor indeed upon the number of individuals impacted. When organisations engage in direct marketing, customers' opt-out requests should be complied with every time. Corporations should adopt clear policies and procedures - particularly with regard to maintaining and updating opt-out lists. Organisation-wide training is essential to mitigate the practical risk of staff breaching the law, and also to substantiate a defence in the event that a breach does occur.
Image result for data privacyThis conviction, which is the first of its kind, will undoubtedly serve as a wake-up call for organisations with institutional complacency on the issue of privacy, and may support a culture of more "responsible" marketing. The maximum penalty for direct marketing offences under the PDPO was raised in April 2013 from HK$ 10,000 to HK$ 500,000 and 3 years' imprisonment. The fine imposed in this instance was relatively low but it is likely that much larger fines will be deemed appropriate for offences involving significant numbers of customers. For large companies, the reputational damage is likely to be more wounding than the fines.

Visit www.dlapiper.com to find out more about Asia.


Comments

Post a Comment

Please share your valuable comments and thoughts on this article. Thanks!

Popular posts from this blog

GDPR Data Protection Case-Law Guide

-
Data Protection Case Laws   https://rm.coe.int/guide-data-protection-eng-1-2789-7576-0899-v-1/1680a20af0 This Guide is part of the series of Case-Law Guides published by the European Court of Human Rights (hereafter “the Court”, “the European Court” or “the Strasbourg Court”) to inform legal practitioners about the fundamental judgments and decisions delivered by the Strasbourg Court. This particular Guide analyses and sums up the case-law on data protection under the European Convention on Human Rights (hereafter “the Convention” or “the European Convention”). Readers will find herein the key principles in this area and the relevant precedents. The case-law cited has been selected among the leading, major, and/or recent judgments and decisions. The Court’s judgments and decisions serve not only to decide those cases brought before the Court but, more generally, to elucidate, safeguard and develop the rules instituted by the Convention, thereby contributing to the observance by th...
Read more

Challenges with Moonlighting by Employees in India

-
A Detailed Deliberation on Moonlighting Moonlighting is undoubtedly the new hot topic that has got everybody talking, so here's a detailed legal deliberation on it. Published on https://www.thinkbridge.com/blog-post/a-deliberation-on-moonlighting August 30, 2024 Ankit, a CA by profession resides in the capital city of Delhi, and he works for one of the Big Four accounting firms. While he earns a seven-figure salary, he still decided to take up a side gig because well we all want more and more! So for the past year, he has been slyly rendering his consultancy services and his clientele has increased steadily, but his employers have no idea about this. Ankit feels that there's no harm in making that extra income as he does his private consultancy work on weekends, whereas on weekdays, he ensures to put his best foot forward in his regular job. And well this is where the new white-collar evil moonlighting seeps into the picture but is it really an evil? To understand t...
Read more

How to handle contract risk and mitigation of the risk- Good read!

-
Image
The Contract Said What? Buffering Employees from Contract Risk By Spiwe L. Jefferson  |  2017-May-30   After issuing communications training and killing text messages that created contractual obligations for the company, our fictitious legal team at Sunderland Manufacturing thought they addressed their last issue at the intersection of employee behavior and litigation risk. Unfortunately, more problems point to a different area of risk worse than the last.   "B arry, we have a problem,” said Jason Parks to Barry Miles, deputy general counsel of Sunderland Manufacturing. Jason was Sunderland’s trial counsel, discussing a multi-million dollar wrongful death suit by the estate of a plaintiff who allegedly died when his Sunderland pacemaker failed. “Did our pacemaker malfunction?” Barry inquired. “No,” said Jason. “Did we fail to instruct the hospital on its use?” Barry asked. “N...
Read more