eCommerce - from Policies to Practices

Henry ChangInformation Technology Advisor

The Office of the Privacy Commissioner for Personal Data4 June 2013

eCMO Conference 2013“New Challenges of Brand Building and eCommerce”

2

Data Protection Principles (DPPs) under the Personal Data (Privacy) Ordinance

• Purpose Specification and Collection Limitation

• Data Quality and Retention Principle

• Use Limitation Principle

• Security Safeguard Principle

• Openness Principle

• Individual Participation Principle

1. Informed Consent

2. Protection

3. Transparency

3

eCommerce - from Policies to Practices

Privacy by Design

A clever person solves problem,

a wise person avoids it.

4

Negative examples of execution

eCommerce - from Policies to Practices

5

Predictable URLs

6

‘Straight-through’ processing

Start

Online

shopping

Select

items

Create

accountProcess

order

Send

confirmation

receipt to

registered

email

address

Take credit

card

details

No

checking of

email

address

Receipt sent

to the wrong

email

address

7

The ‘new’ direct marketing legislation

eCommerce - from Policies to Practices

8

eCommerce - from Policies to Practices

http://www.pcpd.org.hk/english/pu

blications/files/DM_infographic_e.

pdf

9

eCommerce - from Policies to Practices

10

• Please check out the “New Guidance on Direct Marketing”http://www.pcpd.org.hk/english/publications/files/GN_DM_e.pdf

• Attend PCPD workshops on Direct Marketinghttp://www.pcpd.org.hk/english/activities/workshop.html

eCommerce - from Policies to Practices

11

Thank you

eCommerce - from Policies to Practices