With the increasing use of social networks by businesses, the PCPD has published an information leaflet on “Privacy Implications for Organisational Use of Social Network”. Like the Guide, the information leaflet is not binding but sets out useful examples as to what the PCPD sees as best practice when organisations use social networks for business purposes. Organisations should review their use of social networks to understand whether their current practices comply with the information leaflet.
The leaflet outlines how organisations can safeguard personal data privacy when using social networks to promote their business and the circumstances in which personal data may be collected in a social network environment. It also provides recommendations on good privacy practices when using social networks for marketing, customer services, human resources management and network analytics, and sets out the relevant requirements to be observed under the PDPO. Key takeaways from the leaflet include:
June 2014 | Baker & McKenzie 3
aggregated information collected from social networks may identify an individual and therefore will constitute personal data and the PDPO may apply.
organisations should be transparent with their privacy policies and practices, particularly if data is to be used for marketing or to monitor employees.
Organisations using social networks for recruitment or candidate screening should consider whether the information obtained from the social network is reliable, and can legitimately be taken into account in hiring decisions.
The full text of the information leaflet can be found on the PCPD’s website at: www.pcpd.org.hk/english/publications/files/sn_organisational_e.pdf.