Complaint Case Notes

編號: 0021/2008/IP

標題: The post delivery

立案原因: Complaints


    Citizen X claimed that the Post Office had failed to take effective measures to protect his personal data, by misdelivering his bank account monthly statements and credit card monthly statements to addresses other than that indicated on the statements, which might lead to his personal data being disclosed to the wrong people.
  Citizen X claimed this was a violation of the Personal Data Protection Act and filed a complaint with this Office (GPDP).


    Article 3.1 of the Personal Data Protection Act states: “This Act shall apply to the processing of personal data wholly or partly by automatic means, and to the processing other than by automatic means of personal data which form part of manual filing systems or which are intended to form part of manual filing systems.” Article 4.1.(3) of the same Act states that:“processing of personal data” (“processing”) shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.”
  According to the Post Office’s response, the allegation was about ordinary letter mails. Follow-up investigation revealed no sufficient evidence to establish the complainant’s case, without ruling out the possibility of mis-delivery by the mailman.
  According to Articles 1 and 2.1.(c) of Decree-law 2/89/M (Organic Law of the Post Office), it is the mission of the Post Office to provide post services, especially as required by mail transport to or from or in transit via Macao. Apparently, the Post Office’s handling of ordinary letter mails mainly involves collection, transport and delivery procedures, as the business of a transporter requires. According to Article 3.1 of the Personal Data Protection Act, it is not within the scope of application of the Act.
  In summary, the post delivery of ordinary letter mails is not subject to the provisions of the Personal Data Protection Act, nor does it fall in the scope of GPDP’s competence.


    GPDP sent a letter to X, informing him of the above mentioned analysis and decision.

Please refer to "Personal Data Protection Act", articles 3,4 .