Respect Privacy and Purposes of Personal Data Collection
In the academic advising process, an academic adviser is given access to or provided with various types of personal data about the advisees. It is important for an academic adviser, under ethical, professional and legal obligations, to respect and protect the privacy and personal data of the advisees. In particular, an academic adviser should pay attention to the requirements of the Personal Data (Privacy) Ordinance (Ordinance) and, if applicable, the European Union’s General Data Protection Regulation (GDPR). For more information about the GDPR, in particular its applicability, please visit the GDPR Internal Website of the Information Technology Services.
The general requirement of the Ordinance is that personal data should only be used and disclosed with the prescribed consent of the data subject, or for the purpose (or a directly related purpose) for which the data has been collected.
In regard to the Ordinance, every student is informed via the Personal Information Collection Statement that his / her personal data will be used for the University to perform its administrative, education, academic and research functions, and for the directly related purposes. In this respect, it is necessary to consider carefully whether any use or disclosure of personal data falls within the purposes or other directly related purposes. If the GDPR is applicable, the GDPR Privacy Notice should also be considered. In case of doubt, prescribed consent of the data subject should be obtained.
The Ordinance has provided for certain exemptions on such grounds as prevention of crime, unlawful or seriously improper conduct, and protection of physical or mental health.
Principles to Observe in Academic Advising
As to practical issues, academic advisers should note and observe:
- Always seek students’ consent before you disclose their academic and/or personal information to other people;
- After each advising meeting, keep brief but concise notes, including, if any, the record of consent sought and given in respect of information disclosure;
- Notes of meeting, comments, file remarks and other records should be an accurate and fit-for-purpose summary of the process, facts, advice and discussions;
- Bear in mind that personal data (which includes an expression of opinion as defined by the Ordinance) contained in meeting notes / comment is subject to statutory data access request made pursuant to the Ordinance (i.e. students can request for accessing their personal data which are under the control of the University), and therefore avoid putting emotional commentaries or opinions down in the meeting notes / comment; and
- If an advisee has personal / emotional issues that warrant a referral to counsellor in CEDARS, advise the student that he / she should make an appointment with the CEDARS counsellor directly and promptly.
Advisers are strongly recommended to review the following resources for more detailed information regarding privacy and personal data protection:
- University’s Code of Practice in respect of the Personal Data (Privacy) Ordinance (login required)
- Office of the Privacy Commissioner for Personal Data (PCPD)
- Personal Data (Privacy) Ordinance
- Definition of Personal Data
- Six Data Protection Principles
- The General Data Protection Regulation Internal Website of the Information Technology Services (login required)
If you have other questions, please contact the University Data Protection Officer (Telephone: 2857 8277 or Email: firstname.lastname@example.org).