The perils of wishing a customer “Happy Birthday”

Did you know?

The Privacy Commissioner is taking a stricter stance in relation to the collection of data subjects’ dates of birth.

Why does this matter to you?

It is common for many data users to collect data subjects’ dates of birth – sometimes you just want to wish your customer a happy birthday!

However, recently, from our experience and dealings with the Privacy Commissioner, his view has changed and the position now is that you should not collect a data subjects’ date of birth unless you need it for a justifiable reason (e.g. identity verification for hospital records or by banks).

Although this is not specifically addressed under the Personal Data (Privacy) Ordinance (“PDPO”), e.g. there is no specific mention that dates of birth should not be collected and there is no definition of “sensitive” personal data in the PDPO, this approach would fall within the general requirement under the PDPO that, among other things, personal data shall not be collected unless the purpose directly relates to a function or activity of the data user, the collection of the data is necessary for or directly related to that purpose, and the data is adequate but not excessive in relation to that purpose.

However, this does not mean that no dates of birth can be collected at all – there are ways to overcome this restriction depending on the context of use.

So do you want to wish your customers a happy birthday (or do you otherwise need a customer’s date of birth)? Contact us and we will be happy to help you come up with a solution!

How can Deacons help?

Deacons offers a wide range of services and advice in relation to personal data privacy matters. These include:

  • Data protection compliance risk assessments
  • Data protection and security audits
  • Data privacy and cybersecurity policies, best practice and procedures including in-house training
  • Data processing and data transfer agreements
  • Advice in relation to data breaches including handling notifications, management and investigations
  • Digital marketing and data privacy issues including advertising, consumer protection, direct marketing and behavioural tracking

If you have any questions or concerns about your personal data policies/practices, or would like any further information, please contact us at: charmaine.koo@deacons.com or david.swain@deacons.com