Home
| Databases
| WorldLII
| Search
| Feedback
Privacy Laws and Business International Report |
HONG KONG'S comprehensive employment code will take effect on 1st April 2001. It provides practical guidance to Hong Kong employers, but may also prove useful reading to organisations in other countries.
The Hong Kong Human Resources Code of Practice, published in September by the Office of the Privacy Commissioner, deals with collecting and retaining personal data, data accuracy, its use, security, subject access and the right of correction.
The code is divided into four parts. Part one discusses the general requirements for processing personal data, part two gives practical advice on recruitment-related practices, part three deals with issues related to current employment, and part four gives guidance on how to treat personal data of former employees.
The Human Resources Code of Practice will be of great importance when the Hong Kong Privacy Commissioner, Stephen Lau, evaluates the complaints brought to his attention by data subjects. If the organisation in question has not followed the mandatory provisions of the code, it will be seen as unfavourable to them. The mandatory provisions are derived from the Hong Kong Privacy Ordinance, contravention of which may lead to a court hearing.
GENERAL REQUIREMENTS
All normal data protection principles, such as those regarding fair collection and accuracy of data, apply also to employment data. Hong Kong employers are obliged to inform individuals, before collecting any personal data from them, about the purpose for which the data is collected, to whom the data may be transferred, and whether it is obligatory or voluntary to disclose the data. Individuals also have to be informed of their right of subject access and correction. The code gives an example of how such a purpose statement can be drafted.
Other aspects that are discussed include the accuracy and retention of data, security measures needed, and complying with access and correction requests.
The code states that employers should not hold data for longer than two years in the case of recruitment related data (two years from rejecting a job applicant), and no longer than seven years in the case of an employee who leaves employment. This rule can be extended if the employee has given his consent, or there is a reason that obliges the employer to retain the data for longer.
RECRUITMENT ADVICE
The section on recruitment-related practices goes into much detail on collection of data from job applicants, advertising job vacancies, internal records about applicants, processing applications and seeking references.
On internal records, the code recommends that if an employer wishes to consult personal data of an applicant in a later recruitment exercise, he may do so if he has a general policy to retain data for such a purpose, if he has stipulated the retention period for keeping such data, and if the applicant has not specifically objected to the use of the data. Data should be used only for a directly related purpose unless the applicant consents to the use of his data for other purposes.
With regard to seeking additional information about a job applicant, the code states that "recording the details of candidates' outside activities and interests might be excessive unless the employer can demonstrate that such detail is relevant to the inherent requirements of the job." It is allowed, however, to gather additional information for certain positions with the help of psychological tests, security vetting or integrity checking.
The Privacy Commissioner's Office also advises on how to treat the personal data of unsuccessful job candidates. The data should not be retained for more than two years. As a matter of good practice, the employer should inform job applicants about this policy, and provide them with the opportunity to have their data deleted.
CURRENTLY EMPLOYED
In addition to the data provided by employees at the time of their recruitment, employers may collect the following personal data:
a) Records of remuneration and benefits paid
b) Records of job postings, transfers and training
c) Records of medical checks
d) Written records of disciplinary proceedings
e) Performance appraisal reports
f) Written reports of staff planning exercises involving the employee
g) Written reports of promotion exercises.
Disclosure or transfer of employment- related data requires that the data will be accessible only to the recipient in question, and no other third parties. The code provides an example of such a situation: "An employer may employ external professional services, such as legal representatives or consultants to advise on human resources management matters. In doing so, the employer should avoid disclosure of data in excess of that necessary for the purpose of the use by the recipient in providing the service. For example, personal data such as a home address or detailed salary payment of individual employees would generally be unnecessary for use by a management consultant who is engaged to devise a career development plan for employees."
If personal data are transferred due to a planned merger, such data should be limited to a minimum that is necessary for the potential new owner to make a decision on the quality of the workforce. More personal data may be disclosed about the key employees, such as salary, job title, the length of service, promotion history, qualifications, achievement and assessment of strengths and weaknesses.
FORMER EMPLOYEES' MATTERS
Former employees' data is subject to access and correction by the employee. Employers should take steps to ensure that only relevant information is retained, and that it is accurate. Data may be needed, for example, for statutory requirements, such as retention of tax records, or for the purpose of providing future job references. Data of former employees may be held for seven years. It should be stored separately from the personal details of existing staff. In a case of the death of a former employee, employers may also retain the personal data of relatives for the administration of a company retirement fund.
All the issues mentioned here are discussed at length in the 51-page Code of Practice on Human Resources Management. It is available on the website of the Hong Kong Privacy Commissioner, http://www.pco.org.hk Tel: + 852 2827 2827 Fax: + 852 2877 7026. The code may be reproduced for non-profit making purposes provided that the author of the code is acknowledged.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/2000/51.html