*********************************************************
Following is a question by the Hon Cyd Ho and a written reply by the Secretary for Financial Services and the Treasury, Professor K C Chan, in the Legislative Council today (January 27):
Question:
The authorities are negotiating with the Municipal Government of Shenzhen over mutual use of the electronic money of Hong Kong and Shenzhen, and have claimed that both sides are conducting in-depth study and holding detailed discussions concerning the technical, business and operational aspects of the issue. In this connection, will the Government inform this Council:
(a) whether the aforesaid technical issues include measures to protect the privacy of members of the public; what personal information is involved in the use of electronic money for transactions at present; whether the governments of both sides will standardise the information security measures concerning electronic money of both places so as to prevent any leakage and improper use of the relevant information through cross-boundary card readers;
(b) whether the authorities have sought advice from the Secretary for Justice and the Privacy Commissioner for Personal Data on mutual use of the electronic money of Hong Kong and Shenzhen; if so, when the advice was sought and what their advice was; and
(c) regarding the need of the law enforcement agencies to trace cross-boundary use of electronic money for transactions by the implicated parties for investigation of cases, of the details of the co-operation and co-ordination between the authorities concerned, the public security departments and private enterprises of both sides; what agreements have been made and principles of conduct have been adopted by both sides regarding the protection of the privacy of members of the public, as well as the details of such agreements and principles?
Reply:
President,
(a) Regardless of the type of Octopus card (personalised or standard) used in a payment transaction, the card readers only capture transaction related information, including the date and time of the transaction, the identity of the relevant service provider, the transaction value, the remaining balance on the card and the card number. No personal data of the cardholder is involved in the process. As a result, the personal data (privacy) will not be leaked through cross-boundary card readers.
(b) At present, the proposals under consideration for the mutual use of electronic money issued in Hong Kong and Shenzhen are based on the existing operational models of the Octopus Cards Ltd. and the Shen Zhen Shenzhentong Co. Ltd. Thus, as long as the ultimate proposal adopted complies with the relevant laws and regulations of both cities, it can start operation. It is not necessary to consult the Department of Justice and the Privacy Commissioner for Personal Data.
(c) If assistance from relevant law enforcement agencies of the Mainland is needed for the investigation of cases which involve cross-boundary criminal activities, the law enforcement agencies will liaise with their counterparts of the Mainland through existing channels, and ensure that the cases are processed in accordance with the relevant statutory requirements, including that on the protection of personal data privacy. The law enforcement agencies will seek advice from the Department of Justice if needed during the process.
Ends/Wednesday, January 27, 2010
Issued at HKT 11:58
NNNN