Did you know?
The Privacy Commissioner is taking a stricter stance in relation to the collection of data subjects’ dates of birth.
Why does this matter to you?
It is common for many data users to collect data subjects’ dates of birth – sometimes you just want to wish your customer a happy birthday!
However, recently, from our experience and dealings with the Privacy Commissioner, his view has changed and the position now is that you should not collect a data subjects’ date of birth unless you need it for a justifiable reason (e.g. identity verification for hospital records or by banks).
Although this is not specifically addressed under the Personal Data (Privacy) Ordinance (“PDPO”), e.g. there is no specific mention that dates of birth should not be collected and there is no definition of “sensitive” personal data in the PDPO, this approach would fall within the general requirement under the PDPO that, among other things, personal data shall not be collected unless the purpose directly relates to a function or activity of the data user, the collection of the data is necessary for or directly related to that purpose, and the data is adequate but not excessive in relation to that purpose.
However, this does not mean that no dates of birth can be collected at all – there are ways to overcome this restriction depending on the context of use.
So do you want to wish your customers a happy birthday (or do you otherwise need a customer’s date of birth)? Contact us and we will be happy to help you come up with a solution!
How can Deacons help?
Deacons offers a wide range of services and advice in relation to personal data privacy matters. These include: