Plan for the 2021 Population Census
Improvement to the data collection approach
Given the rapid advancement in technology, Mr CHAN Chun-ying was concerned whether the multi-modal data collection approach (i.e. collecting data through e-Questionnaires (“eQ”), telephone interviews, postal returns and conventional face-to-face interviews) for the 21C had evolved with time, whether the approach would meet international standards, and whether the Administration had made reference to the latest data collection approaches for population censuses adopted by other jurisdictions. In light of the initiative to promote Hong Kong into a smart city, he further enquired if the Administration had considered adopting the big data readily available in the public and private sectors (e.g. personal particulars collected by the Inland Revenue Department, Hospital Authority, schools, and utilities and telecommunications companies etc.) for conducting population censuses/by-censuses in the future so as to reduce the costs for collecting data and further enhance accuracy of the data.
The Commissioner for Census and Statistics (“C for C&S”) advised that the Census and Statistics Department (“C&SD”) had made reference to international practices for conducting population censuses in formulating the approach for the 21C, and the multi-modal approach of the 21C was similar to that commonly used by other countries for conducting population censuses. For instance, C&SD had introduced eQ which allowed respondents to provide data using their smart phones or mobile tablets anytime and anywhere. On the proposal of using big data in population censuses and by-censuses, C for C&S said that with the advancement of technology, there were plans to use more administrative data collected from other sources in the 21C to reduce the number of questions in the questionnaires and the time required to complete the questionnaires, as well as to enhance data quality.
The quality of data on housing characteristics
To ensure the quality of data collected for sub-divided units (“SDUs”), Mr CHAN Chun-ying suggested that C&SD should increase the sampling fraction in industrial buildings to more than one-tenth as applied to an ordinary housing estate, as nowadays industrial buildings had a large cluster of SDUs.
C for C&S advised that experienced census officers in C&SD would be deployed to update the sampling frame for the 21C including collection of information on industrial buildings and SDUs based on various peripheral signs outside the quarters. The prevalence of SDUs in different geographical areas would be taken into account in the sampling frame so as to ensure the quality of the census results.
Personal data protection issues relating to credit reference agencies
Follow-up actions taken by TransUnion Limited and the Privacy Commissioner for Personal Data
Mr CHAN Chun-ying pointed out that the knowledge-based authentication (“KBA”) process for verifying a consumer’s identity for accessing credit reports in TransUnion’s online platform might pose security risks to the online services. He enquired about the measures TransUnion had adopted or planned to adopt to plug the security loopholes, and whether TransUnion would explore other authentication technologies to enhance the security of its online system, such as notifying the individual concerned through SMS about a request for accessing his/her credit information.
Ms WANG advised that TransUnion’s online system had adopted a multi-layered and multi-factor authentication solution and KBA was one component of its solution. In view of the Incident, TransUnion was working on multiple enhancement solutions and introducing additional and sophisticated checks, to enhance the security level of its online system. For customers who had already registered for the online services, TransUnion was re-verifying the existing customer base leveraging one-time passwords and an updated account enrolment process, and also implementing a two-factor authentication for account login. Moreover, TransUnion had engaged an independent third party to conduct a review of the enhancement solutions and might introduce additional security measures where necessary.
Business model of and online services provided by TransUnion limited
In response to Mr CHAN Chun-ying’s enquiry about TransUnion’s business partners, Ms WANG said that TransUnion performed due diligence on business partners including the imposition of security requirements and the right to audit. Business partners were audited for their ability to meet TransUnion’s standards and were continuously monitored between audits. Any risks identified were tracked for remediation, with governance processes to monitor progress at all levels of management.
Given that at present TransUnion was the only CRA in Hong Kong, Mr CHAN Chun-ying enquired whether HKMA would consider introducing competition in the market, as well as prescribing standards and requirements for CRAs operating in Hong Kong. He referred to “MyInfo”, a government-backed digital vault developed by the Singaporean government for consolidating residents’ personal data, and enquired if the Administration and HKMA would consider developing a central database for maintaining consumer credit information after implementation of the one-stop online system for the provision of electronic identity, with a view to replacing the paid services currently provided by commercial CRAs.
DCE/HKMA advised that under the current legal framework, CRAs were not regulated by HKMA. HKMA, as a regulator of banks, had been consulting the banking industry since the second quarter of 2018 on ways to further enhance the current mechanism on sharing and utilization of customers’ credit information through CRAs. The consultation had covered, among others, the need of having more than one CRA in Hong Kong and the possible risks that might arise from an increasing number of CRAs operating in Hong Kong. HKMA would continue to communicate with the banking industry on the future development of CRAs.
Mr Charles MOK said that Mr CHAN Chun-ying proposed an amendment to his motion and he agreed with the proposed amendment. Mr MOK read out the amended motion. The terms of the motion were as follows
“目前信貸提供者和信貸資料庫的行為只有實務守則規管，對消費者 權益保護非不足。鑒於信貸資料服務機構持有大量消費者信貸紀 錄等敏感個人資料，本會促請政府研究對信貸資料服務機構的規 管，加強監察收集、持有、處理或使用客戶個人信貸資料的活動， 令將來運用創新科技提供個人信貸資料更加透明、安全，完善法例 以提升社會對信用評級資料服務的信心。”
“Currently, as the conduct of credit providers and credit databases is only regulated under a code of practice, the protection of consumer rights and interests is very inadequate. Given that credit reference agencies are in possession of a large amount of sensitive personal data such as consumer credit records, this Panel urges the Government to study the regulation of credit reference agencies, strengthen the monitoring of the collection, holding, handling or use of customers’ personal credit data, increase the transparency and security of using innovative technologies to provide personal credit data in the future, and refine the legislation to enhance the community’s confidence in credit rating reference services.”
The Chairman then put Mr Charles MOK’s motion as amended by Mr CHAN Chun-ying to vote. Mr Charles MOK requested the voting bell be rung for five minutes to notify Panel members of the voting and a division of the votes. The voting bell rang for five minutes. Seven members voted for, no member voted against the motion, and no member abstained.
The Chairman declared that the amended motion was passed. The votes of individual members were as follows:
For Mr WU Chi-wai Mr Charles MOK Mr Dennis KWOK Mr Alvin YEUNG Mr CHU Hoi-dick Mr SHIU Ka-fai Mr CHAN Chun-ying (7 members)