個人資料保護辦公室

Gabinete para a Protecção de Dados Pessoais

Office for Personal Data Protection

Complaint Case Notes
Print

No: 0043/2010/IP

Title: Government bureau did not place payroll slips in sealed envelopes

Reason: Reports

Brief:

    Employee X of Department A pointed out that Department A did not place its payroll slips in sealed envelopes when distributing them every month. As a result, the payroll slips could have been read or copied by others without consent of the data subject during the transportation process. Employee X believed that Department A’s conduct breached the “Personal Data Protection Act” and filed a report to this Office (GPDP).

Analysis:

    In accordance with the provisions in articles 4.1.(1) and 3.1 of the Personal Data Protection Act, the data processing involved in this case is within the scope of regulation by the said Act.
  Employee X did not state which legal system is applicable to his work. If Employee X is a civil servant or an employee whose labour contract is governed by the “Macao Regulations on Workers of the Public Administration” (hereinafter referred to as ETAPM), authorized by Decree No. 87/89/M, then the ETAPM is applicable. In any other situation, the “Labour Relations Law” and the other relevant laws are applicable. After consulting the above-mentioned laws, the GPDP found no specific provisions stating that “payroll slips must be placed in a sealed envelope”.
  Department A responded, stating that the procedures for processing and distributing payroll slips were of the responsibility of the respective personnel. Moreover, unit heads are responsible for managing unit teams and need to provide support in areas such as salary processing and work schedules arrangement. During the transportation process, Department A used one envelope sealed with an adhesive strip and stamped with the word “Confidential” to enclose the payroll slips of the staffs of each unit. The unit heads or coordinators were then responsible for distributing the payroll slips to each staff. Department A declared that it had developed a “Privacy Policy” and “Safety Guidelines for the Processing of Personal Information” in order to keep their staffs informed. The staffs had also been informed of the relevant measures employed to process the personal data of clients and staff.
  In GPDP’s opinion, the procedures employed by Department A to process and distribute payroll slips use adequate technical and organizational means to protect the personal data and prevent any leakage or illegal use, in line with Article 15 of the “Personal Data Protection Act”. However, there is still room for optimisation. For example, sealing each individual payroll slip would reduce the probability that a staff can have access to information on others’ payroll slips.
  In summary, the procedures used by Department A to process and distribute payroll slips were, on the whole, carried out in accordance with Article 15 of the “Personal Data Protection Act”. There was, however, room for optimisation.

Result:

    GPDP has sent an official letter to Department A containing the abovementioned assessment and recommending that Department A it should optimize the procedure of payroll slip delivery.

Reference:
Please refer to "Personal Data Protection Act", articles 3,4,15,41 .

Back

Avenida da Praia Grande, N.º 804, Edif. China Plaza, 17.º andar, Macau Tel:(853) 2871 6006 Fax:(853) 2871 6116