- What would the Office for Personal Data Protection advise regarding the data retention period of data of former staff?
- In Decree-law 73/89/M there are provisions for the archiving periods of historic files in Macao. The Personal Data Protection Act also has provisions for the data archiving periods. Which should be taken as standards?
- In its daily operation, an institution collects copies of people’s IDs. How long should it keep the copies? What are the things it must heed when handling the ID copies?
- A data controller using automatic processing devices must notify the Office for Personal Data Protection. What is automatic data processing?
- Is it legal for institutions to have their visitors’ personal data registered for security reasons?
- How long should an employer keep the personal data of a former employee?
- What consequences will an employer face if he or she installs and runs a surveillance system in a workplace without informing the employees working there?
- When an employer uses surveillance of employees in the workplace, is it compulsory by law for the employer to make a personal data collection statement to the employees about the surveillance?
- When the employees are informed of the existence of a surveillance system, can they object?
- What is meant by “areas of high risks” mentioned in respect of the principle of proportionality expounded in Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- Will Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pose a hurdle to an employer’s effective management?
- What are the consequences of an enterprise not abiding by its personal data collection statement in running its surveillance on employees?
- Where employees are allowed to communicate with customers using institution-provided MSN, is it legal for the employer to monitor the employees’ conversation with customers (given that such conversation may involve privacy)?
- Are the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring compulsory in any way?
- Are the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring the implementation rules of Law no. 8/2005? Are the Guidelines in conflict with the Basic Law?
- How should one view employee surveillance for assessing employee performance, which involves many aspects?
- How do you define monitoring? If computer systems come with monitoring functions enabled, but the employer claims that monitoring is not his or her purpose, how should we take it?
- Do the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pertain to the code of conduct referred to in Article 26 of the Personal Data Protection Act?
- When retrieving data gathered from employee monitoring, the employer must ensure the presence of the employees whose data are concerned, or that they be properly informed. If, however, an employee is suspected of illegal conduct, criminal offence or admin
- To prevent outsourced workers from staying idle during work hours, can we install a camera surveillance device in the workers’ sitting room? Can we install a surveillance device in our security room?
- If a staff member wants to review the surveillance data collected by the employer, does he or she need the approval of his or her Chief?
- How to distinguish security systems from monitoring ones?
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- Can employee surveillance data be reviewed in an internal hearing?
- An institution has a CCTV system on its premises for security reasons. Can staff ask to review the CCTV recordings as evidence for judging a dispute they have had in the lobby?
- Nowadays most facilities, such as hotels, banks and government agencies, have CCTV systems. Do such systems intrude on people’s privacy?
- While employers should not monitor employees in non-office hours, CCTV systems usually run 24 hours/day. Is it legal?
- In the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring, it is advised that under special circumstances the data of monitoring should be kept for no more than 6 months. What are special circumstan
- Is it appropriate to have video camera surveillance in a dining room where staff have meals with no expensive apparatus or belongings stored there?
- What consequences will an employer face if he or she installs and runs a surveillance system in a workplace without informing the employees working there?
- When the employees are informed of the existence of a surveillance system, can they object?
- What is meant by “areas of high risks” mentioned in respect of the principle of proportionality expounded in Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- Will Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pose a hurdle to an employer’s effective management?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- Where employees are allowed to communicate with customers using institution-provided MSN, is it legal for the employer to monitor the employees’ conversation with customers (given that such conversation may involve privacy)?
- Under what circumstances may employers monitor their employees by virtue of the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- What kind of employee monitoring is legal, according to the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- While it is legal to monitor consulting phone calls from the public, given the public and the employees are properly notified, is it legal if the monitoring is run only to know whether there is [internal] data leakage?
- Are the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring compulsory in any way?
- Are the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring the implementation rules of Law no. 8/2005? Are the Guidelines in conflict with the Basic Law?
- How do you define monitoring? If computer systems come with monitoring functions enabled, but the employer claims that monitoring is not his or her purpose, how should we take it?
- Do the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pertain to the code of conduct referred to in Article 26 of the Personal Data Protection Act?
- When retrieving data gathered from employee monitoring, the employer must ensure the presence of the employees whose data are concerned, or that they be properly informed. If, however, an employee is suspected of illegal conduct, criminal offence or admin
- To prevent outsourced workers from staying idle during work hours, can we install a camera surveillance device in the workers’ sitting room? Can we install a surveillance device in our security room?
- Usually incoming query calls from the public are audio recorded. If an executive wants to ascertain whether answers offered are correct, can he or she sample check the audio recordings?
- How to distinguish security systems from monitoring ones?
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- Can employee surveillance data be reviewed in an internal hearing?
- An institution has a CCTV system on its premises for security reasons. Can staff ask to review the CCTV recordings as evidence for judging a dispute they have had in the lobby?
- CCTV systems installed for security purposes may take image data of staff members. Is it legal?
- While employers should not monitor employees in non-office hours, CCTV systems usually run 24 hours/day. Is it legal?
- In the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring, it is advised that under special circumstances the data of monitoring should be kept for no more than 6 months. What are special circumstan
- If an employee is found sleeping in a warehouse via a CCTV system installed for security purposes, can the employee be disciplined based on the evidence derived from the CCTV?
- Is it appropriate to have video camera surveillance in a dining room where staff have meals with no expensive apparatus or belongings stored there?
- Can a household have a video monitoring device to monitor any helper (or nanny) taking care of the household’s baby? Is this practice in compliance with the Personal Data Protection Act?
- When an employer uses surveillance of employees in the workplace, is it compulsory by law for the employer to make a personal data collection statement to the employees about the surveillance?
- What are the consequences of an enterprise not abiding by its personal data collection statement in running its surveillance on employees?
- How do you define monitoring? If computer systems come with monitoring functions enabled, but the employer claims that monitoring is not his or her purpose, how should we take it?
- Before the Personal Data Protection Act came into effect, most institutions did not make a personal data collection statement when collecting data of their employees. How should the employers comply with the law in this regard from now on?
- If a staff member wants to review the surveillance data collected by the employer, does he or she need the approval of his or her Chief?
- According to the Administrative Procedural Code, a person against whom a law-enforcing action is to be taken must be informed of the action via a return registered letter. Since data subjects tend to provide incorrect addresses, it is often difficult t
- If an institution collects personal data for running a course or activity, must it make a personal data collection statement? If so, must the statement be printed upon the application form?
- Institutions tend to ask visitors to provide their personal data. Must the institutions have their personal data collection statement handy at their reception counters?
- How to distinguish security systems from monitoring ones?
- Can an employer access an employee’s computer to review the data therein in the absence of the employee?
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- Can employee surveillance data be reviewed in an internal hearing?
- If a shop has a CCTV system installed on its business premises, must it inform the customers of the surveillance? Must it tell customers about the purposes of surveillance?
- If a company needs to send its staff’s personal data to a government agency, must it say so in its personal data collection statement? Must its statement have the staff's signatures?
- If staff are forbidden to use company equipment for personal purposes in office hours, does the employer have the right to access and review data on such equipment anytime?
- Is it legal for institutions to have their visitors’ personal data registered for security reasons?
- When the personal data collection statement is ready, should we put it up on the company notice board or have it signed by every employee?
- CCTV systems installed for security purposes may take image data of staff members. Is it legal?
- In the case of a customer complaint, can we review the audio recording for evidence? Can we use the audio recording of the conversation between a clerk and a customer as training material? If a recording contains the warning “in order to ensure service qu
- Our company often receives letters from banks, hotels, etc., asking about our former employees such as their performance during employment with us, salary level, among other things. While such letters usually come with the written approval of the employee
- Will Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pose a hurdle to an employer’s effective management?
- When holding recruitment exams, government agencies tend to refer the applicants’ personal data to the Identification Bureau for verification. Does it require prior consent of the applicants? If an applicant objects, what can we do?
- If we use Fingerprint Attendance Systems for attendance logging, do we have to notify the Office for Personal Data Protection?
- When hiring workers for confidential data processing, can institutions review their background (e.g. family members’ status)?
- Can institutions use their staff’s or students’ photos on their web pages or in journals for administrative or operational reasons? Does it require the consent of the data subject?
- Must government agencies obtain consent of their staff to upload the staff’s photos to the intranet to be accessed and reviewed by the Chiefs and Personnel Executives?
- Can audio recordings be legally made of recruiting interviews?
- Can we upload a staff name list onto the intranet to facilitate institution-wide search for office numbers and phone numbers?
- Usually incoming query calls from the public are audio recorded. If an executive wants to ascertain whether answers offered are correct, can he or she sample check the audio recordings?
- If an institution collects personal data for running a course or activity, must it make a personal data collection statement? If so, must the statement be printed upon the application form?
- Government portals tend to have log-on windows for visitors to log onto websites of other agencies. For example, the website of the Public Administration and Civil Service Bureau allows visitors to log onto the Retirement Fund system. The Bureau and the Fun
- Is it legal to demand that service providers provide a list of their personnel before allowing their personnel to enter an entity to work?
- Can an employer access an employee’s computer to review the data therein in the absence of the employee?
- A staff member of a management company was often reported to sleep during work hours. The employer secretly shot video footage of the employee dozing during duty hours, to be used as evidence for sacking the employee. Did the employer commit intrusion o
- The employees’ right to objection is a legal right. Does it mean that employees may refuse to provide personal data to employers? What is a substantial reason?
- Can institutions require their employees to provide health reports?
- If staff are forbidden to use company equipment for personal purposes in office hours, does the employer have the right to access and review data on such equipment anytime?
- Can an employer oblige if he or she is approached by someone seeking information about a former employee’s job performance, with the authorization to obtain such information signed by the former employee in question?
- Must an institution appoint a personal data officer? If so, must it inform the Office of its appointment?
- If a dossier of an employee contains only Certificate of Criminal Record, but it is kept in the same file cabinet with other dossiers, is it proper?
- Are companies responsible for taking proactive actions to correct customer data? For example, adding “28” or “6” to their contact numbers where necessary.
- Our company often receives letters from banks, hotels, etc., asking about our former employees such as their performance during employment with us, salary level, among other things. While such letters usually come with the written approval of the employee
- Can a government agency require its staff to provide travel documents to prove that they have been out of Macao during their special vacations?
- Is it appropriate to have video camera surveillance in a dining room where staff have meals with no expensive apparatus or belongings stored there?
- Is it appropriate for institutions to make public on their websites the name list of job seekers who sit through their exams?
- Is it appropriate for companies to require each of their staff to surrender their office computers’ turn-on passwords?
- A company plans to buy for its staff insurance policies from an insurance company in Hong Kong. Does it have to apply to the Office for Personal Data Protection for approval?
- Can one have one’s CV and ID document copies back from the recruiting entity to which one submitted the copies when applying for a job, if one eventually decides not to take the job or if one fails to get it?
- Is it an infringement on staff’s privacy if a government agency displays on its premises a list of seniority of its staff?
- The in-service certificate issued by an agency to a public servant bears the data subject’s ID document number and job details. Is this practice subject to the Personal Data Protection Act? If so, is anything about the practice against the Act?
- What would the Office for Personal Data Protection advise regarding the data retention period of data of former staff?
- In Decree-law 73/89/M there are provisions for the archiving periods of historic files in Macao. The Personal Data Protection Act also has provisions for the data archiving periods. Which should be taken as standards?
- How long should an employer keep the personal data of a former employee?
- In the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring, it is advised that under special circumstances the data of monitoring should be kept for no more than 6 months. What are special circumstan
- In its daily operation, an institution collects copies of people’s IDs. How long should it keep the copies? What are the things it must heed when handling the ID copies?
- When collecting copies of IDs and other documents such as certificates from employees, the employer demands that the originals be shown at the same time. Is it appropriate?
- Can we print a member’s ID number on a membership card? Does the Office have any guide on how many digits of an ID number may appear on a membership card?
- Is it appropriate for a bank to collect, for security reasons, personal data of the workers from the cleaning company servicing the bank?
- No. 5 of Article 11 of the Personal Data Protection Act provides that the doctor designated by the patient concerned should exercise the right of access to healthcare data. In the case of a patient seeking healthcare service, there would be practical diff
- Can institutions require their employees to provide health reports?
- Is it legal for healthcare institutions to send their patient record documents via the Internet?
- Can doctors disclose their patients’ personal data to others?
- The law requires that personal data “combination” be undertaken with authorization. What is data combination? If existing personal data are already in combination, does it constitute a breach of law?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- Must government agencies have authorization to share personal data between them by combination of the data in their possession?
- If, when collecting personal data, we inform the staff concerned that their data will be transferred or be in combination, and we obtained their consent, are we still required to notify or seek authorization from the Office for Personal Data Protection?
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- Are Driver Licenses regarded as personal data of identifiable persons? Can a government agency refer a person’s penalty data to another agency by way of data combination? Does such reference require the authorization of the Office for Personal Data Protec
- Does it constitute personal data transfer or combination if such data is transferred between different departments of the same government agency, e.g., between Departments A and B of the Civic and Municipal Affairs Bureau?
- Government portals tend to have log-on windows for visitors to log onto websites of other agencies. For example, the website of the Public Administration and Civil Service Bureau allows visitors to log onto the Retirement Fund system. The Bureau and the Fun
- A magazine publisher often runs surveys and product promotions by making phone calls to citizens’ mobile phones. Is it an intrusion on citizens’ privacy and hence a violation of the Personal Data Protection Act?
- Which government agency oversees an institution’s practice of personal data processing? Which agency is responsible for prosecuting those institutions that do not abide by the law?
- Does the Personal Data Protection Act trace back to any offence in the past? Will legal actions be taken against mishandling of personal data before the Act took effect?
- If we use Fingerprint Attendance Systems for attendance logging, do we have to notify the Office for Personal Data Protection?
- In Decree-law 73/89/M there are provisions for the archiving periods of historic files in Macao. The Personal Data Protection Act also has provisions for the data archiving periods. Which should be taken as standards?
- If an institution’s computer system is infiltrated with the result of data leakage, will the institution be held responsible?
- Does the Office for Personal Data Protection have any guideline on the extent to which institutions should have their computer systems protected?
- Is an institution required to establish agreement on confidentiality with processors?
- Is it legal for healthcare institutions to send their patient record documents via the Internet?
- Network service providers offer salary management software to customers. What responsibilities do they have in respect of personal data protection?
- Is an institution required to establish agreement on confidentiality with processors?
- If a company contracts a service project to its Shanghai branch, is its related data processing practice in conformity with the Personal Data Protection Act? Must it notify the Office for Personal Data Protection or apply for approval thereof?
- What protection does a person have if an institution abuses his or her personal data? For example, an employer transfers an employee’s personal data to a third party.
- What penalties are there for employers who abuse employees’ personal data?
- Has the Office for Personal Data Protection issued any guide regarding fees to be charged for personal data review?
- What kind of employee monitoring is legal, according to the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- A magazine publisher often runs surveys and product promotions by making phone calls to citizens’ mobile phones. Is it an intrusion on citizens’ privacy and hence a violation of the Personal Data Protection Act?
- While it is legal to monitor consulting phone calls from the public, given the public and the employees are properly notified, is it legal if the monitoring is run only to know whether there is [internal] data leakage?
- How should one view employee surveillance for assessing employee performance, which involves many aspects?
- To prevent outsourced workers from staying idle during work hours, can we install a camera surveillance device in the workers’ sitting room? Can we install a surveillance device in our security room?
- Usually incoming query calls from the public are audio recorded. If an executive wants to ascertain whether answers offered are correct, can he or she sample check the audio recordings?
- Do we have to log every step of data processing, such as the time of collection, updating and by whom?
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- In its daily operation, an institution collects copies of people’s IDs. How long should it keep the copies? What are the things it must heed when handling the ID copies?
- When collecting copies of IDs and other documents such as certificates from employees, the employer demands that the originals be shown at the same time. Is it appropriate?
- Nowadays most facilities, such as hotels, banks and government agencies, have CCTV systems. Do such systems intrude on people’s privacy?
- Must an institution appoint a personal data officer? If so, must it inform the Office of its appointment?
- Our company often receives letters from banks, hotels, etc., asking about our former employees such as their performance during employment with us, salary level, among other things. While such letters usually come with the written approval of the employee
- Civil servants’ ID numbers are used in various ways for recognition by different government departments. Should it be standardised?
- Under what circumstances may employers monitor their employees by virtue of the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- Can audio recordings be legally made of recruiting interviews?
- In Decree-law 73/89/M there are provisions for the archiving periods of historic files in Macao. The Personal Data Protection Act also has provisions for the data archiving periods. Which should be taken as standards?
- Can an employer access an employee’s computer to review the data therein in the absence of the employee?
- An institution has a CCTV system on its premises for security reasons. Can staff ask to review the CCTV recordings as evidence for judging a dispute they have had in the lobby?
- In the case of a customer complaint, can we review the audio recording for evidence? Can we use the audio recording of the conversation between a clerk and a customer as training material? If a recording contains the warning “in order to ensure service qu
- While employers should not monitor employees in non-office hours, CCTV systems usually run 24 hours/day. Is it legal?
- How long should an employer keep the personal data of a former employee?
- In the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring, it is advised that under special circumstances the data of monitoring should be kept for no more than 6 months. What are special circumstan
- If an employee is found sleeping in a warehouse via a CCTV system installed for security purposes, can the employee be disciplined based on the evidence derived from the CCTV?
- If a dossier of an employee contains only Certificate of Criminal Record, but it is kept in the same file cabinet with other dossiers, is it proper?
- Are companies responsible for taking proactive actions to correct customer data? For example, adding “28” or “6” to their contact numbers where necessary.
- Is it appropriate to have video camera surveillance in a dining room where staff have meals with no expensive apparatus or belongings stored there?
- Is it appropriate for institutions to make public on their websites the name list of job seekers who sit through their exams?
- Where employees are allowed to communicate with customers using institution-provided MSN, is it legal for the employer to monitor the employees’ conversation with customers (given that such conversation may involve privacy)?
- Is Law no. 8/2005 (the Personal Data Protection Act) applicable only to government agencies? Are ordinary citizens’ personal data protected under the law? What rights do citizens have to access their personal data?
- How do you define monitoring? If computer systems come with monitoring functions enabled, but the employer claims that monitoring is not his or her purpose, how should we take it?
- If we use Fingerprint Attendance Systems for attendance logging, do we have to notify the Office for Personal Data Protection?
- Article 3 of the Personal Data Protection Act provides that the applicable scope of the Act covers wholly or partially automatic personal data processing, non-automatic handling of personal data stored or to be stored in manual file systems, video or came
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- Are Driver Licenses regarded as personal data of identifiable persons? Can a government agency refer a person’s penalty data to another agency by way of data combination? Does such reference require the authorization of the Office for Personal Data Protec
- How to distinguish security systems from monitoring ones?
- A staff member of a management company was often reported to sleep during work hours. The employer secretly shot video footage of the employee dozing during duty hours, to be used as evidence for sacking the employee. Did the employer commit intrusion o
- Does the Personal Data Protection Act trace back to any offence in the past? Will legal actions be taken against mishandling of personal data before the Act took effect?
- A company plans to disclose the name list of its shareholders on its website. Is such a move subject to the provisions of the Personal Data Protection Act?
- In order to claim back money owed, can one upload the copy of the debtor’s ID card onto the Internet (with one of the characters of the cardholder’s name erased, and the eyes on the photo blurred and other personal data deleted)?
- The enquirer has made secret audio recordings of her husband talking with a third party, and wonders if she has breached the Personal Data Protection Act.
- If one installs a surveillance system (in the sitting room only) in one’s home to monitor how one’s household helper takes care of the kids, is such conduct subject to the provisions of the Personal Data Protection Act?
- Is handling company account data subject to the provisions of the Personal Data Protection Act?
- Can a household have a video monitoring device to monitor any helper (or nanny) taking care of the household’s baby? Is this practice in compliance with the Personal Data Protection Act?
- When applying for a job, the enquirer sent his CV by mistake to a wrong email inbox. The CV contains his phone number, ID document number and other data. What can the enquirer do about it?
- Are government agencies as public legal persons subject to the provisions of the Personal Data Protection Act?
- The enquirer was paying by credit card for some cigarettes in a shop in Hong Kong when he was asked to show his Hong Kong Resident ID card. The shopkeepers explained that the ID check was a measure to prevent credit card fraud. The enquirer wonde
- Is it proper to install a CCTV system at the door of one’s flat monitoring the corridor shared with the neighbours?
- How should a person retrieve his or her personal data and belongings which have been under seizure?
- The law requires that personal data “combination” be undertaken with authorization. What is data combination? If existing personal data are already in combination, does it constitute a breach of law?
- If we use Fingerprint Attendance Systems for attendance logging, do we have to notify the Office for Personal Data Protection?
- Article 3 of the Personal Data Protection Act provides that the applicable scope of the Act covers wholly or partially automatic personal data processing, non-automatic handling of personal data stored or to be stored in manual file systems, video or came
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- Are Driver Licenses regarded as personal data of identifiable persons? Can a government agency refer a person’s penalty data to another agency by way of data combination? Does such reference require the authorization of the Office for Personal Data Protec
- A staff member of a management company was often reported to sleep during work hours. The employer secretly shot video footage of the employee dozing during duty hours, to be used as evidence for sacking the employee. Did the employer commit intrusion o
- A data controller using automatic processing devices must notify the Office for Personal Data Protection. What is automatic data processing?
- Network service providers offer salary management software to customers. What responsibilities do they have in respect of personal data protection?
- Under what circumstances may employers monitor their employees by virtue of the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring?
- When holding recruitment exams, government agencies tend to refer the applicants’ personal data to the Identification Bureau for verification. Does it require prior consent of the applicants? If an applicant objects, what can we do?
- When hiring workers for confidential data processing, can institutions review their background (e.g. family members’ status)?
- Can institutions use their staff’s or students’ photos on their web pages or in journals for administrative or operational reasons? Does it require the consent of the data subject?
- Must government agencies obtain consent of their staff to upload the staff’s photos to the intranet to be accessed and reviewed by the Chiefs and Personnel Executives?
- Can audio recordings be legally made of recruiting interviews?
- Can we upload a staff name list onto the intranet to facilitate institution-wide search for office numbers and phone numbers?
- No. 5 of Article 11 of the Personal Data Protection Act provides that the doctor designated by the patient concerned should exercise the right of access to healthcare data. In the case of a patient seeking healthcare service, there would be practical diff
- If, when collecting personal data, we inform the staff concerned that their data will be transferred or be in combination, and we obtained their consent, are we still required to notify or seek authorization from the Office for Personal Data Protection?
- With the consent of the data subject, can the Land, Public Works and Transport Bureau (the Works Bureau) disclose the data of registered urban engineers, architects and construction companies on its website for public review? Such data may include the per
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- According to the Administrative Procedural Code, a person against whom a law-enforcing action is to be taken must be informed of the action via a return registered letter. Since data subjects tend to provide incorrect addresses, it is often difficult t
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- A staff member of a management company was often reported to sleep during work hours. The employer secretly shot video footage of the employee dozing during duty hours, to be used as evidence for sacking the employee. Did the employer commit intrusion o
- Can we print a member’s ID number on a membership card? Does the Office have any guide on how many digits of an ID number may appear on a membership card?
- If a bank was required by a foreign law-enforcing agency to provide its customers’ personal data, should it oblige?
- Can a bank collect a customer’s data that are disclosed in a court bulletin in newspapers?
- Is it legal for a bank to supply a remitter’s personal data to the bank of the remittance receiver, at the request of the receiving bank?
- Which are the authorized agencies in Macao that may review a bank’s customer database?
- Our company often receives letters from banks, hotels, etc., asking about our former employees such as their performance during employment with us, salary level, among other things. While such letters usually come with the written approval of the employee
- Can a government agency require its staff to provide travel documents to prove that they have been out of Macao during their special vacations?
- When running a course, the Macau Institute of Financial Services affiliated with the Monetary Authority of Macau requires the course attendees to provide copies of their IDs. Is it appropriate? The Institute states that this data will mainly be used for i
- Is it appropriate for a bank to collect, for security reasons, personal data of the workers from the cleaning company servicing the bank?
- Is it appropriate for companies to require each of their staff to surrender their office computers’ turn-on passwords?
- Is it appropriate to upload to a company’s intranet photos of the company activities (such as Christmas dinner party) for the staff to download?
- Can employer institutions use fingerprint attendance system to log staff working time?
- In order to claim back money owed, can one upload the copy of the debtor’s ID card onto the Internet (with one of the characters of the cardholder’s name erased, and the eyes on the photo blurred and other personal data deleted)?
- Can one have one’s CV and ID document copies back from the recruiting entity to which one submitted the copies when applying for a job, if one eventually decides not to take the job or if one fails to get it?
- Is it an infringement on staff’s privacy if a government agency displays on its premises a list of seniority of its staff?
- A government agency organised a staff tour to the mainland, hoping that it would help on-job training, tension reduction and enhancing staff efficacy. However, the staff were required to give their ID document numbers when enrolling for the activity. Was
- The in-service certificate issued by an agency to a public servant bears the data subject’s ID document number and job details. Is this practice subject to the Personal Data Protection Act? If so, is anything about the practice against the Act?
- When applying for a job, the enquirer sent his CV by mistake to a wrong email inbox. The CV contains his phone number, ID document number and other data. What can the enquirer do about it?
- Can institutions require their employees to provide health reports?
- Is it legal for healthcare institutions to send their patient record documents via the Internet?
- Can doctors disclose their patients’ personal data to others?
- If a dossier of an employee contains only Certificate of Criminal Record, but it is kept in the same file cabinet with other dossiers, is it proper?
- The law requires that personal data “combination” be undertaken with authorization. What is data combination? If existing personal data are already in combination, does it constitute a breach of law?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- Must government agencies have authorization to share personal data between them by combination of the data in their possession?
- If, when collecting personal data, we inform the staff concerned that their data will be transferred or be in combination, and we obtained their consent, are we still required to notify or seek authorization from the Office for Personal Data Protection?
- If a staff member wants to review the surveillance data collected by the employer, does he or she need the approval of his or her Chief?
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- Are Driver Licenses regarded as personal data of identifiable persons? Can a government agency refer a person’s penalty data to another agency by way of data combination? Does such reference require the authorization of the Office for Personal Data Protec
- Does it constitute personal data transfer or combination if such data is transferred between different departments of the same government agency, e.g., between Departments A and B of the Civic and Municipal Affairs Bureau?
- Government portals tend to have log-on windows for visitors to log onto websites of other agencies. For example, the website of the Public Administration and Civil Service Bureau allows visitors to log onto the Retirement Fund system. The Bureau and the Fun
- Is there any limit on the exercise of right to information and right of access by a data subject?
- How should one view employee surveillance for assessing employee performance, which involves many aspects?
- What protection does a person have if an institution abuses his or her personal data? For example, an employer transfers an employee’s personal data to a third party.
- Is it appropriate to upload to a company’s intranet photos of the company activities (such as Christmas dinner party) for the staff to download?
- Can one have one’s CV and ID document copies back from the recruiting entity to which one submitted the copies when applying for a job, if one eventually decides not to take the job or if one fails to get it?
- What consequences will an employer face if he or she installs and runs a surveillance system in a workplace without informing the employees working there?
- When an employer uses surveillance of employees in the workplace, is it compulsory by law for the employer to make a personal data collection statement to the employees about the surveillance?
- What are the consequences of an enterprise not abiding by its personal data collection statement in running its surveillance on employees?
- Before the Personal Data Protection Act came into effect, most institutions did not make personal data collection statement when collecting data of their employees. How should the employers comply with the law in this regard from now on?
- With the consent of the data subject, can the Land, Public Works and Transport Bureau (the Works Bureau) disclose the data of registered urban engineers, architects and construction companies on its website for public review? Such data may include the per
- According to the Administrative Procedural Code, a person against whom a law-enforcing action is to be taken must be informed of the action via a return registered letter. Since data subjects tend to provide incorrect addresses, it is often difficult t
- If an institution collects personal data for running a course or activity, must it make a personal data collection statement? If so, must the statement be printed upon the application form?
- Institutions tend to ask visitors to provide their personal data. Must the institutions have their personal data collection statement handy at their reception counters?
- Is it legal to demand that service providers provide a list of their personnel before allowing their personnel to enter an entity to work?
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- Can employee surveillance data be reviewed in an internal hearing?
- If a shop has CCTV system installed on its business premises, must it inform the customers of the surveillance? Must it tell customers about the purposes of surveillance?
- If a company needs to send its staff’s personal data to a government agency, must it say so in its personal data collection statement? Must its statement have the staff's signatures?
- If staff are forbidden to use company equipment for personal purposes in office hours, does the employer have the right to access and review data on such equipment anytime?
- Is it legal for institutions to have their visitors’ personal data registered for security reasons?
- Can an employer oblige if he or she is approached by someone seeking information about a former employee’s job performance, with the authorization to obtain such information signed by the former employee in question?
- When the personal data collection statement is ready, should we put it up on the company notice board or have it signed by every employee?
- CCTV systems installed for security purposes may take image data of staff members. Is it legal?
- Is it legal for a bank to supply a remitter’s personal data to the bank of the remittance receiver, at the request of the receiving bank?
- If a customer is not in when service staff visit him, can they legally seek the customer’s contact information from the customer’s neighbor?
- Is it appropriate for institutions to make public on their websites the name list of job seekers who sit through their exams?
- As far as hotlines are concerned, can they do without the audio device reminding callers that the line is being recorded, and use other means instead (e.g., operator explanation to each caller)?
- A bank recently notified one of its customers, asking the latter to update customer data and provide additional documents, without explaining why. Is the bank collecting more data than necessary?
- A government agency organised a staff tour to the mainland, hoping that it would help on-job training, tension reduction and enhancing staff efficacy. However, the staff were required to give their ID document numbers when enrolling for the activity. Was
- A magazine publisher often runs surveys and product promotions by making phone calls to citizens’ mobile phones. Is it an intrusion on citizens’ privacy and hence a violation of the Personal Data Protection Act?
- Is Law no. 8/2005 (the Personal Data Protection Act) applicable only to government agencies? Are ordinary citizens’ personal data protected under the law? What rights do citizens have to access their personal data?
- When retrieving data gathered from employee monitoring, the employer must ensure the presence of the employees whose data are concerned, or that they be properly informed. If, however, an employee is suspected of illegal conduct, criminal offence or admin
- No. 5 of Article 11 of the Personal Data Protection Act provides that the doctor designated by the patient concerned should exercise the right of access to healthcare data. In the case of a patient seeking healthcare service, there would be practical diff
- Has the Office for Personal Data Protection issued any guide regarding fees to be charged for personal data review?
- For reasons of “preventing business secret leakage,” can a bank refuse to allow a customer to review the data based on which the customer’s credit rating was made by the bank’s “automatic credit rating system”?
- What is the “reasonable timeline” within which the data subject may exercise their right of access to their personal data?
- A government agency organised a staff tour to the mainland, hoping that it would help on-job training, tension reduction and enhancing staff efficacy. However, the staff were required to give their ID document numbers when enrolling for the activity. Was
- Where incoming calls are going to be recorded with prior warning, and if the caller objects straight away, but the recording is unable to be stopped immediately, what should be done? Is the warning “in order to ensure good service quality, your phone call
- While institutions may install CCTV systems in reception facilities and high-risk areas, can they install surveillance systems in the workplaces of the staff?
- The employees’ right to objection is a legal right. Does it mean that employees may refuse to provide personal data to employers? What is a substantial reason?
- Do people have the right to object to the credit ratings made by the “automatic credit rating system”?
- Which government agency oversees an institution’s practice of personal data processing? Which agency is responsible for prosecuting those institutions that do not abide by the law?
- What consequences will an employer face if he or she installs and runs a surveillance system in a workplace without informing the employees working there?
- When an employer uses surveillance of employees in the workplace, is it compulsory by law for the employer to make a personal data collection statement to the employees about the surveillance?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- What are the consequences of an enterprise not abiding by its personal data collection statement in running its surveillance on employees?
- A magazine publisher often runs surveys and product promotions by making phone calls to citizens’ mobile phones. Is it an intrusion on citizens’ privacy and hence a violation of the Personal Data Protection Act?
- What would the Office for Personal Data Protection advise regarding the data retention period of data of former staff?
- Do the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pertain to the code of conduct referred to in Article 26 of the Personal Data Protection Act?
- If we use Fingerprint Attendance Systems for attendance logging, do we have to notify the Office for Personal Data Protection?
- Can we upload a staff name list onto the intranet to facilitate institution-wide search for office numbers and phone numbers?
- In Decree-law 73/89/M there are provisions for the archiving periods of historic files in Macao. The Personal Data Protection Act also has provisions for the data archiving periods. Which should be taken as standards?
- Must government agencies have authorization to share personal data between them by combination of the data in their possession?
- If, when collecting personal data, we inform the staff concerned that their data will be transferred or be in combination, and we obtained their consent, are we still required to notify or seek authorization from the Office for Personal Data Protection?
- With the consent of the data subject, can the Land, Public Works and Transport Bureau (the Works Bureau) disclose the data of registered urban engineers, architects and construction companies on its website for public review? Such data may include the per
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- Can an employer access an employee’s computer to review the data therein in the absence of the employee?
- What protection does a person have if an institution abuses his or her personal data? For example, an employer transfers an employee’s personal data to a third party.
- What penalties are there for employers who abuse employees’ personal data?
- In its daily operation, an institution collects copies of people’s IDs. How long should it keep the copies? What are the things it must heed when handling the ID copies?
- A data controller using automatic processing devices must notify the Office for Personal Data Protection. What is automatic data processing?
- Network service providers offer salary management software to customers. What responsibilities do they have in respect of personal data protection?
- Is it legal for institutions to have their visitors’ personal data registered for security reasons?
- How long should an employer keep the personal data of a former employee?
- Must a bank seek the Office’s authorization if it plans to transfer its blacklist (personal data it has gathered from court bulletins) to other countries?
- If an institution’s computer system is infiltrated with the result of data leakage, will the institution be held responsible?
- Does the Office for Personal Data Protection have any guideline on the extent to which institutions should have their computer systems protected?
- Is an institution required to establish agreement on confidentiality with processors?
- Is it legal for healthcare institutions to send their patient record documents via the Internet?
- If a company contracts a service project to its Shanghai branch, is its related data processing practice in conformity with the Personal Data Protection Act? Must it notify the Office for Personal Data Protection or apply for approval thereof?
- A company plans to buy for its staff insurance policies from an insurance company in Hong Kong. Does it have to apply to the Office for Personal Data Protection for approval?
- A bank plans to transfer its customers’ data to its mainland parent company for storage. Does it have the obligation to notify or seek authorization from the Office for Personal Data Protection?
- In order to claim back money owed, can one upload the copy of the debtor’s ID card onto the Internet (with one of the characters of the cardholder’s name erased, and the eyes on the photo blurred and other personal data deleted)?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- If, when collecting personal data, we inform the staff concerned that their data will be transferred or be in combination, and we obtained their consent, are we still required to notify or seek authorization from the Office for Personal Data Protection?
- Must a bank seek the Office’s authorization if it plans to transfer its blacklist (personal data it has gathered from court bulletins) to other countries?
- If a company contracts a service project to its Shanghai branch, is its related data processing practice in conformity with the Personal Data Protection Act? Must it notify the Office for Personal Data Protection or apply for approval thereof?
- A company plans to buy for its staff insurance policies from an insurance company in Hong Kong. Does it have to apply to the Office for Personal Data Protection for approval?
- A bank plans to transfer its customers’ data to its mainland parent company for storage. Does it have the obligation to notify or seek authorization from the Office for Personal Data Protection?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- What would the Office for Personal Data Protection advise regarding the data retention period of data of former staff?
- If we use Fingerprint Attendance Systems for attendance logging, do we have to notify the Office for Personal Data Protection?
- With the consent of the data subject, can the Land, Public Works and Transport Bureau (the Works Bureau) disclose the data of registered urban engineers, architects and construction companies on its website for public review? Such data may include the per
- Is it against Law no. 8/2005 (Personal Data Protection Act) if the Works Bureau provides to other government agencies, private associations or organizations the registered data of urban engineers, construction companies, including their names, contact info
- A data controller using automatic processing devices must notify the Office for Personal Data Protection. What is automatic data processing?
- If a company contracts a service project to its Shanghai branch, is its related data processing practice in conformity with the Personal Data Protection Act? Must it notify the Office for Personal Data Protection or apply for approval thereof?
- A company plans to buy for its staff insurance policies from an insurance company in Hong Kong. Does it have to apply to the Office for Personal Data Protection for approval?
- A bank plans to transfer its customers’ data to its mainland parent company for storage. Does it have the obligation to notify or seek authorization from the Office for Personal Data Protection?
- Are data controllers required to submit the documents, related to their self-constituted Personal Data Policy and Personal Data Collection Statement given to the data subjects and the involved people, to the Office for Personal Data Protection?
- Which government agency oversees an institution’s practice of personal data processing? Which agency is responsible for prosecuting those institutions that do not abide by the law?
- What consequences will an employer face if he or she installs and runs a surveillance system in a workplace without informing the employees working there?
- What are the consequences of an enterprise not abiding by its personal data collection statement in running its surveillance on employees?
- A magazine publisher often runs surveys and product promotions by making phone calls to citizens’ mobile phones. Is it an intrusion on citizens’ privacy and hence a violation of the Personal Data Protection Act?
- Can an employer access an employee’s computer to review the data therein in the absence of the employee?
- What protection does a person have if an institution abuses his or her personal data? For example, an employer transfers an employee’s personal data to a third party.
- What penalties are there for employers who abuse employees’ personal data?
- In order to claim back money owed, can one upload the copy of the debtor’s ID card onto the Internet (with one of the characters of the cardholder’s name erased, and the eyes on the photo blurred and other personal data deleted)?
- What kinds of legal effects do copies of ID documents possess? What should a person do if his or her copy of ID document is appropriated?
- If a company contracts a service project to its Shanghai branch, is its related data processing practice in conformity with the Personal Data Protection Act? Must it notify the Office for Personal Data Protection or apply for approval thereof?
- Must government agencies have authorization to share personal data between them by combination of the data in their possession?
- Where data processing is automatic, the processing institution must notify the Office for Personal Data Protection. If the Office finds that something violates the law, will the Office demand rectification of the institution?
- Do the Principles concerning the protection of personal data in the workplaces: guidelines for employee monitoring pertain to the code of conduct referred to in Article 26 of the Personal Data Protection Act?