Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Greenleaf, Graham --- "ID Cards in Asia - recent developments" [1998] PrivLawPRpr 15; (1998) 4(8) Privacy Law & Policy Reporter 152

• Korea’s ID card reprieve?
• Hong Kong’s Code of Practice
• Major requirements of the Hong Kong code
• Collection of ID card number and ID card copies
• Security of ID card copies
• Appendix I (Data users permitted to collect ID card numbers)
• Appendix II (Data users permitted to collect copies of ID cards)

ID Cards in Asia — recent developments

Graham Greenleaf

Identity cards (ID cards) and identity numbers have been the subject of new developments in both South Korea and Hong Kong.

Korea’s ID card reprieve?

The Korean NGO Task Force against Electronic National ID Card (http://kpd.sing-kr.org/idcard/) reports that it is now less likely that Korea will develop an electronic ID card (see 3 PLPR 60 for details of the proposal).

The victory at the Presidential election in 18 December 1997 by opposition candidate Kim Dae Jung was significant in that his party has opposed the ID card project. He said in the televised election debates that he would reconsider the electronic ID card for privacy reasons.

The severe economic crisis facing the Korean government requires the reduction of the government reficit and reconsideration of large national projects. The NGO Task Force believes that the electronic national ID card project is likely to be one of the projects reduced or postponed.

Another important factor is the government restructuring ordered by the new President. The Department of Domestic Affairs which planned and operated the project is to be restructured into a much smaller organization or possibly scrapped.

However, the NGO Task Force cautions that Kim Dae Jung as President may take a different position from that when he was Oppostion leader, and that the the ID card industries, project-related companies and officials of the Department of Domestic Affairs are unlikely to let the ID Card project disappear without a fight.

Hong Kong’s Code of Practice

Hong Kong’s Privacy Commissioner for Personal Data issued a Code of Practice on the Identity Card Number and Other Personal Identifiers (the Code) on 19 December 1997.

The Code gives guidance on the requirements of the Personal Data (Privacy) Ordinance as applied to the collection, retention, accuracy, use and security of identity card numbers, copies of the ID card and other personal identifiers.

The Code will take effect in two stages. All the requirements will take effect on 19 June 1998, except the requirement that data users should not issue to individuals cards, such as staff cards, which have their ID card numbers printed on them. This latter requirement will take effect on 19 December 1998.

Commissioner Stephen Lau said on releasing the Code

The basic position is that data users have no right to compel an individual to provide his or her ID card number or copy of the ID card unless authorised by law to do so. Data users however may request an individual to provide his or her ID card number or a copy of the ID card under the circumstances permitted by the code. In addition, data users should always consider alternatives to collecting the ID card number and copies of the ID card.

He noted that

In response to the consultation exercise on the draft code launched in August, we received over 500 submissions. The majority of them argued and supported with good reasons to be allowed to collect copies of ID cards. In response, we have in the final code provided for circumstances under which such collection is permitted. On the other hand, we strengthened the provisions in the code on security safeguards with respect to copies of ID cards.

He explained the role of the Code:

Non-compliance with the code is not itself unlawful. However, it will give rise to a presumption against the party concerned in any proceeding involving an alleged breach of the Ordinance. It will also weigh against the party concerned in any case under investigation by the Privacy Commissioner.

Major requirements of the Hong Kong code

(From the Commissioner’s web site — http://www.pco.org.hk/news121997.html)

Collection of ID card number and ID card copies

• Before collecting ID card numbers, data users should consider whether there are any less privacy-intrusive alternatives to such collection, such as

i) to use another personal identifier of the individual’s choice e.g. a passport number

ii) to accept identification of the individual by someone known to the data user e.g. where a resident at a block of flats known to the security guard identifies a visitor

iii) to accept some form of security e.g. a monetary deposit

• Data users should only collect ID card numbers and copies of the ID card under the circumstances permitted by the code (a list of such circumstances is given in Appendix I and II).

Accuracy of ID card numbers and genuineness of ID card copies collected

• In general, data users should collect and check ID card numbers and ID card copies against the ID card produced in person by the individual concerned. In exceptional cases where this is not possible, additional precautionary measures should be adopted to avoid inaccuracy or falsity in the record.
• For example, an ID card number may be collected from an ID card copy mailed in by the individual, where the individual chooses to mail in such copy instead of coming in person to show his ID card. In that case, the staff responsible for collecting such a copy should be adequately trained to enable him or her to detect any dubious sign shown on the copy.

Security of ID card copies

Data users should implement stringent security safeguards for copies of ID cards they hold or transmit including:

a) marking copies of ID cards with the word “COPY” across the image of the card

b) treating ID card copies as confidential documents

c) taking steps to ensure that copies of ID cards transmitted are received only by the intended recipients by using for example, encryption, confidential mail boxes, access passwords or dedicated fax machines for receiving confidential material, etc.

Display of ID card numbers with names of ID card holders

Data users should not publicly display ID card numbers together with names of ID card holders. Specifically, with effect from 19 December 1998, they should not issue to individuals cards, such as staff cards, which have their ID card numbers printed on them.

(Copies of the code and a guide to data users can be obtainted from the Commisioner’s office at Unit 2001, 20/F., Office Tower, Convention Plaza, 1 Harbour Road, Wanchai, or on the Commissioner’s website at http://www.pco.org.hk)

Appendix I (Data users permitted to collect ID card numbers)

A data user is permitted to collect an ID card number only under one or other of the following general circumstances:

• Where an Ordinance gives the data user a power to require individuals to provide their ID card numbers, e.g. section 5 of the Registration of Persons Ordinance (Cap. 177) gives public officers such a power.
• Where an Ordinance requires the data user to collect the ID card number, e.g. section 17K of the Immigration Ordinance (Cap. 115) requires employers to keep a record of the number of the document, which is usually an ID card, by virtue of which each employee is lawfully employable.
• Where the use of the ID card number is necessary to carry out any of the purposes mentioned in section 57(1) of the Ordinance, which are the safeguarding of security, defence or international relations in respect of Hong Kong.
• Where the use of the ID card number is necessary to carry out any of the purposes mentioned in section 58(1) of the Ordinance, which include the prevention of detection of crime, and the assessment or collection of any tax or duty.
• Where the use of the ID card number is necessary to enable the person to carry out functions related to the operation of an administrative tribunal or court, e.g. to ensure the correct identification of individuals involved in court proceedings.
• To enable the data user to identify the individual concerned or to attribute data to him or her where any of the following is necessary:
• To advance the interests of the individual, e.g. to ensure that the correct medical record is referred to when treating a patient,
• T prevent any data user, not including the data user, from suffering a detriment, e.g. to ensure that someone else is not given the wrong medication because the wrong medical record is referred to,
• To enable the data user to safeguard against damage or loss that is more than trivial, e.g. drivers involved in a traffic accident may exchange ID card number in order to identify each other when pursuing an insurance claim arising from the accident.
• More specifically, a data user is permitted to collect ID card numbers under the following circumstances:
• For inclusion in a document that establishes or is evidence of any legal or equitable right or interest or legal liability that is not trivial, e.g. in documents that establish an individual’s right of ownership of a flat.
• As the means of future identification of an individual who is permitted to enter premises where monitoring of the activities of the individual inside the premises is not reasonably practicable, e.g. entry to a commercial building outside office hours.
• As the means of future identification of an individual who is permitted to use equipment where monitoring of the use of the equipment is not reasonably practicable, e.g. the use of a computer that is out of sight of the staff concerned.
• As a condition for allowing the individual to have custody or control of property which is of a value that is more than trivial, e.g. a rental car.

Appendix II (Data users permitted to collect copies of ID cards)

A data user is permitted to collect a copy of an ID card only under one or other of the following circumstances:

a) To carry out any of the purposes mentioned in section 57(1) of the Ordinance, which are the safeguarding of security, defence or international relations in respect of Hong Kong.

b) To carry out any of the purposes mentioned in section 58(1) of the Ordinance, which include the prevention of detection of crime, and the assessment or collection of any tax or duty.

c) Where the collection of the ID card number of the individual is permitted under the code and the copy of the ID card is further collected for any of the following purposes:

i) to provide proof of compliance with any statutory requirement, e.g. an employer may collect a copy of an ID card to prove compliance with the requirement of section 17J of the Immigration Ordinance (Cap.115) to inspect the ID card of an individual before employing him or her;

ii) to comply with a requirement to collect the copy which is included in any code, rules, regulations or guidelines applicable to the data user and which requirement has been endorsed in writing by the Privacy Commissioner, e.g. the requirement, which the Privacy Commissioner has endorsed, on banks to collect copies of the ID cards of their customers in the Money Laundering Guidelines issued by the Hong Kong Monetary Authority;

iii) to collect or check the ID card number of the individual, but only if the individual has been given the choice of presenting his or her ID card in person instead, e.g. Transport Department is permitted to collect copies of ID cards for this purpose in relation to applications for driving licences made by post because individuals are given the choice of presenting their ID cards in person;

iv) for the issuing of an officially recognised travel document, e.g. the BN(O) passport; or

v) to enable the data user to carry out functions related to the operation of administrative tribunals or courts.

d) In addition, Immigration Department is permitted to collect copies of ID cards in carrying out its functions and activities.

Graham Greenleaf.