Stringent security measures protect the personal data of e-Certs issued by the Hongkong Post Certification Authority from any unauthorised use.

The Office of the Government Chief Information Officer said today that to ensure more efficient use of public funding and to further drive the utilisation of e-Certs, Hongkong Post conducted an open tendering exercise earlier this year, inviting the private sector to run the e-Cert operation. Submissions are being evaluated.

In the course of preparing the tender exercise, Hongkong Post conducted a privacy impact assessment to ensure adequate security measures will be implemented by the contractor to protect the personal data privacy of e-Cert holders. The Privacy Commission was also consulted and their comments were incorporated in the terms of the tender document.

Personal data

When a bidder is successfully identified, the Postmaster General will remain a recognised Certification Authority under the Electronic Transactions Ordinance. All the personal data of the e-Cert users will still be owned by the Government.

The contractor will be allowed to use the personal data of e-Cert holders owned by the Government only when the contractor is performing its obligations under the contract for the provision of e-Cert services. If the contractor is providing any value-added services, the e-Cert holders' consent will need to be sought on whether they wish to receive information about these services.

The contractor must also fully comply with the requirements under the Personal Data (Privacy) Ordinance, as well as the Government's information security requirements. Therefore, there is no question that the personal data will be misused by the private sector for any commercial promotional purposes.