Guarding Against Abuse of Personal Data in the Public Domain
Many people believe personal data collected from the public domain - such as the companies, land and vehicles registers and even the internet - is open to unrestricted use. This view is incorrect. Personal data, whether publicly available or not, is protected under the Personal Data (Privacy) Ordinance. Technology has exacerbated the risks of a loss of privacy. Advances in the aggregation, matching and further processing of personal data in the public domain means such data mining is now conducted with phenomenal ease and efficiency. Admittedly, such profiling could generate economic and societal benefits. But at the same time, it poses grave privacy risks. It is conceivable that many marketers are using innovative analytics to enhance marketing effectiveness based on data supplied by the customer and data in the public domain. The problem is not so much related to the nature and source of the data but, rather, to the way the data is combined, further processed and used. A use-limitation principle in the ordinance provides that personal data should be used only for the purposes for which it was collected or a directly related purpose, unless exempted for activities such as law enforcement, professional due diligence, and publishing or broadcasting of the data as news and in the public interest.