GlareVPN使用日本在地伺服器‧日本本地IP位址,述不能訪問日本國內網站的情形將通通消失。  「聖騎士之戰 -STRIVE-」釋出全新劇情預告片!不容錯過的超高水準精美畫質 PV!   Paul George x PlayStation:再次聯名推出PG 5 PlayStation™5 Colorway   試食限量發售軟綿綿「伊布東京香蕉」   《猛毒2:血蜘蛛》——標誌性共生體即將真實現身   電競椅開發商「Bride」推出從真車的原版座椅取下的附屬產品「Multi Caster Pro・Yaris/GR Yaris Type」!   「FINAL FANTASY」系列最新作『STRANGER OF PARADISE FINAL FANTASY ORIGIN』即將登上PS5和PS4!   這是綠色版瑪利歐?「樂高®路易吉™」新登場!   《Cuphead》的《The Delicious Last Course》DLC將於2022年6月30日登陸PS4 

Should IP addresses constitute personal data?

The IT sector is among the sectors most directly affected by this ordinance The government’s consultation paper for the review of the Personal Data (Privacy) Ordinance (PDPO) is long overdue. The ordinance was passed in 1996, before the Internet became popular—let alone Web 2.0 and social media—and is thus far behind public awareness and expectation. The public naturally wants “maximum protection,” but as the consultation document rightfully states: “balance is needed between safeguarding personal data privacy and facilitating continued development of information and communications technology,” and the ordinance “should remain flexible and relevant” in spite of technological change”—that is, it should maintain technological neutrality. Sensitive data Nonetheless, the IT sector is among the sectors most directly affected by this ordinance. An example: the proposal in the consultation document that biometric information be classified as “sensitive personal data”—a new introduction to the ordinance that would call for a higher degree of protection by the data users, and hence heavier punishment in case of data-leakage. The government’s rationale is that such biometric data are inalterable, thus damage caused to data-owners would be severe and permanent. However, why single out biometric data to be made “sensitive,” while in other jurisdictions such as Australia and the UK, sensitive personal data includes criminal records, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, health information, and sexual orientation? In fact, ever since the Privacy Commissoner's Office issued a directive earlier this year, repudiating the use of fingerprint technology in schools for attendance keeping, the effects have already been chilling for local companies providing such solutions. While the PCO guidelines maintains that biometric solutions are acceptable as long as it is not mandatory, or that such high level of secure access control is justified for its purpose, nonetheless many biometric solution providers have simply seen their business dry up since this summer. Another main concern for the IT sector is the proposal to regulate data processors—such as application developers, Internet service or web hosting providers, which provide outsourced services to the actual data users that hold the personal data of the subjects. Previously, data processors were not regulated by the ordinance. With the advent of cloud computing, this is a void to be addressed. All users affected Should data processors be regulated directly by the ordinance, or indirectly—meaning the data user must “ensure that its data processors provide security protection to personal data at a level comparable to itself,” as required by the ordinance? Data subjects would have redress against data users, who would in turn have redress under contractual law with the data processor. There are many other areas in the consultation that will affect all businesses handling any type of personal data, including its customers and employees. For instance, should there be mandatory disclosure to data subjects in case of a breach? Also, the document proposes further empowering the Privacy Commissioner by making it an offense in cases of unauthorized obtaining, disclosure and sale of personal data—or repeated contravention of a data protection principle—and allowing the Commissioner to impose monetary penalty on serious contravention of data protection principles. However, the document also reveals some recommendations made by the Commissioner but not taken up by the government—the IT sector should consider whether IP addresses constitute personal data. While IP addresses by themselves won’t identify users, there are circumstances where combined with other data, IP addresses will be critical in identifying their users. It is unfortunate that the government has chosen not to even consult this important issue, which would produce better guidelines for the industry going forward. The Personal Data (Privacy) Ordinance consultation document is at and the deadline for responses is November 30, 2009. Published on Computerworld Hong Kong November 2009 Issue
TechNow 當代科技


Gearbest 購物平台