Only 56 percent of Web sites that were found to have breached the Privacy Ordinance in 1998 have taken remedial action to implement compliance measures in 1999, the office of the Privacy Commissioner for Personal Data (PCO) has reported.
According to the PCO, a revisit to 270 Hong Kong-based Web sites, conducted from April to November last year, showed only a "small stride forward in protecting consumers' privacy online." The Web sites in question were found to be non-compliant a year earlier.
"Under the Ordinance, individuals have the right to be informed of the purposes for which organizations collect their personal data," said Stephen Lau, privacy commissioner for personal data. "Organizations collecting personal data from individuals are required to inform individuals of the purposes for collecting such data. Web sites failing to do so might be in breach of the Ordinance."
Of the 531 sites originally surveyed, 339 were found to have used online data collection forms when they were first checked in 1998, but only 32 percent of those displayed a personal information collection statement (PICS) notifying individuals of the purposes for which their personal data were collected, a requirement of the privacy ordinance. On a positive note, the PICS compliance rate rose to 93 percent in the most recent check.
Lau said that although online organizations are required to have a PPS, it is not a statutory requirement to display the statement online.
"However, the PCO has been encouraging Web sites to make such a statement online as a matter of good practice," he said.
Still, 121 sites -- 44 percent of the revisited Web sites -- did not take any compliance action to meet the requirement of the ordinance. They were sent warning notices, requiring them to take immediate action or face the maximum fine of HK$50,000 and two years in jail.
After the warning, most sites took remedial steps, leaving 16 sites that failed to respond. The PCO said formal investigations are in progress and enforcement notices may result.
The PCO said it recognizes that the compliance check only covers a small portion of the Web population and might not be representative of the overall compliance figures. However, it noted that the checks are necessary to enhance consumer e-commerce confidence by promoting consumer privacy online.