Privacy Law and Policy Reporter
Identity cards (ID cards) and identity numbers have been the subject of new developments in both South Korea and Hong Kong.
The Korean NGO Task Force against Electronic National ID Card (http://kpd.sing-kr.org/idcard/) reports that it is now less likely that Korea will develop an electronic ID card (see 3 PLPR 60 for details of the proposal).
The victory at the Presidential election in 18 December 1997 by opposition candidate Kim Dae Jung was significant in that his party has opposed the ID card project. He said in the televised election debates that he would reconsider the electronic ID card for privacy reasons.
The severe economic crisis facing the Korean government requires the reduction of the government reficit and reconsideration of large national projects. The NGO Task Force believes that the electronic national ID card project is likely to be one of the projects reduced or postponed.
Another important factor is the government restructuring ordered by the new President. The Department of Domestic Affairs which planned and operated the project is to be restructured into a much smaller organization or possibly scrapped.
However, the NGO Task Force cautions that Kim Dae Jung as President may take a different position from that when he was Oppostion leader, and that the the ID card industries, project-related companies and officials of the Department of Domestic Affairs are unlikely to let the ID Card project disappear without a fight.
Hong Kong’s Privacy Commissioner for Personal Data issued a Code of Practice on the Identity Card Number and Other Personal Identifiers (the Code) on 19 December 1997.
The Code gives guidance on the requirements of the Personal Data (Privacy) Ordinance as applied to the collection, retention, accuracy, use and security of identity card numbers, copies of the ID card and other personal identifiers.
The Code will take effect in two stages. All the requirements will take effect on 19 June 1998, except the requirement that data users should not issue to individuals cards, such as staff cards, which have their ID card numbers printed on them. This latter requirement will take effect on 19 December 1998.
Commissioner Stephen Lau said on releasing the Code
The basic position is that data users have no right to compel an individual to provide his or her ID card number or copy of the ID card unless authorised by law to do so. Data users however may request an individual to provide his or her ID card number or a copy of the ID card under the circumstances permitted by the code. In addition, data users should always consider alternatives to collecting the ID card number and copies of the ID card.
He noted that
In response to the consultation exercise on the draft code launched in August, we received over 500 submissions. The majority of them argued and supported with good reasons to be allowed to collect copies of ID cards. In response, we have in the final code provided for circumstances under which such collection is permitted. On the other hand, we strengthened the provisions in the code on security safeguards with respect to copies of ID cards.
He explained the role of the Code:
Non-compliance with the code is not itself unlawful. However, it will give rise to a presumption against the party concerned in any proceeding involving an alleged breach of the Ordinance. It will also weigh against the party concerned in any case under investigation by the Privacy Commissioner.
(From the Commissioner’s web site — http://www.pco.org.hk/news121997.html)
i) to use another personal identifier of the individual’s choice e.g. a passport number
ii) to accept identification of the individual by someone known to the data user e.g. where a resident at a block of flats known to the security guard identifies a visitor
iii) to accept some form of security e.g. a monetary deposit
Accuracy of ID card numbers and genuineness of ID card copies collected
Data users should implement stringent security safeguards for copies of ID cards they hold or transmit including:
a) marking copies of ID cards with the word “COPY” across the image of the card
b) treating ID card copies as confidential documents
c) taking steps to ensure that copies of ID cards transmitted are received only by the intended recipients by using for example, encryption, confidential mail boxes, access passwords or dedicated fax machines for receiving confidential material, etc.
Data users should not publicly display ID card numbers together with names of ID card holders. Specifically, with effect from 19 December 1998, they should not issue to individuals cards, such as staff cards, which have their ID card numbers printed on them.
(Copies of the code and a guide to data users can be obtainted from the Commisioner’s office at Unit 2001, 20/F., Office Tower, Convention Plaza, 1 Harbour Road, Wanchai, or on the Commissioner’s website at http://www.pco.org.hk)
A data user is permitted to collect an ID card number only under one or other of the following general circumstances:
A data user is permitted to collect a copy of an ID card only under one or other of the following circumstances:
a) To carry out any of the purposes mentioned in section 57(1) of the Ordinance, which are the safeguarding of security, defence or international relations in respect of Hong Kong.
b) To carry out any of the purposes mentioned in section 58(1) of the Ordinance, which include the prevention of detection of crime, and the assessment or collection of any tax or duty.
c) Where the collection of the ID card number of the individual is permitted under the code and the copy of the ID card is further collected for any of the following purposes:
i) to provide proof of compliance with any statutory requirement, e.g. an employer may collect a copy of an ID card to prove compliance with the requirement of section 17J of the Immigration Ordinance (Cap.115) to inspect the ID card of an individual before employing him or her;
ii) to comply with a requirement to collect the copy which is included in any code, rules, regulations or guidelines applicable to the data user and which requirement has been endorsed in writing by the Privacy Commissioner, e.g. the requirement, which the Privacy Commissioner has endorsed, on banks to collect copies of the ID cards of their customers in the Money Laundering Guidelines issued by the Hong Kong Monetary Authority;
iii) to collect or check the ID card number of the individual, but only if the individual has been given the choice of presenting his or her ID card in person instead, e.g. Transport Department is permitted to collect copies of ID cards for this purpose in relation to applications for driving licences made by post because individuals are given the choice of presenting their ID cards in person;
iv) for the issuing of an officially recognised travel document, e.g. the BN(O) passport; or
v) to enable the data user to carry out functions related to the operation of administrative tribunals or courts.
d) In addition, Immigration Department is permitted to collect copies of ID cards in carrying out its functions and activities.