This FAQ, together with the summary of the requirements of the UEMO, illustrations and advice, is for general reference only. Readers should refer to the provisions of the UEMO for a complete and definitive statement of the law.

1.Background information on the UEMO

Point NumberQuestion
Q1.1 What messages are covered by the UEMO?
Q1.2 Can you give some examples of electronic messages covered by the UEMO?
Q1.3 What are the exemptions?
Q1.4 Does it cover commercial electronic messages sent from overseas?
Q1.5 Am I protected when my mobile has roamed to an overseas network?
Q1.6 Will a message sent by a non-profit making / charitable / religious organisation be considered to be commercial in nature and therefore be regulated under the UEMO?
Q1.7 Apart from the UEMO, what other measures are used by the government to control the UEM problem?
Q1.8 What are the penalties for these offences?
Q1.9 What is an enforcement notice and what is the penalty if an offender breaches the enforcement notice?
Q1.10 Can I claim damages from the sender who breached the UEMO?
Q1.11 What is an opt-out regime?
Q1.12 There are three legal documents, namely the UEMO, the UEM Regulation ("UEMR") and the Code of Practice("CoP"). How do they fit together?

2.Rules of sending of commercial electronic messages

Point NumberQuestion
Q2.1 What are the rules of sending of commercial electronic messages under Part 2 of the UEMO?
Q2.2 What sender information should appear in a commercial electronic message?
Q2.3 Is it okay to provide a P.O. box number as the address?
Q2.4 What unsubscribe facilities should be provided?
Q2.5 If I made an unsubscribe request to a sender, when should he/she stop sending me further commercial electronic messages?
Q2.6 In what language should the sender information and the unsubscribe facility statement be provided in the message?
Q2.7 Is there any requirements on the presentation of sender information and unsubscribe facility statement?
Q2.8 Is it a breach if an unsubscribe request is made by calling a telephone number many times, but the line is busy all the time?
Q2.9 How should a sender record the unsubscribe requests?

3.Unscrupulous techniques to reach out to more recipients (Part 3 of the UEMO)

Point NumberQuestion
Q3.1 What is meant by unscrupulous techniques to reach out to more recipients?
Q3.2 What are the requirements on the technical infrastructure from which the messages are sent?
Q3.3 What is address harvesting?
Q3.4 What are dictionary attack and brute force attack?
Q3.5 Why does the UEMO prohibit the use of scripts to register five or more email accounts?
Q3.6 What is an open relay and why is it a problem?

4.Fraud and other illicit activities related to the sending of multiple commercial electronic messages (Part 4 of UEMO)

Point NumberQuestion
Q4.1 What is meant by fraud and other illicit activities related to the sending of multiple commercial electronic messages?

5.What to do if a commercial electronic message is received?

Point NumberQuestion
Q5.1 I am receiving commercial electronic messages, what can I do about these?
Q5.2 What should I do if I received a person-to-person marketing call?
Q5.3 What should I do if I received phishing emails?
Q5.4 Should I complain or reply to the sender in order to avoid receiving further commercial electronic messages?
Q5.5 How to report suspected breach of the Ordinance?

1.Background information on the UEMO

Point NumberQuestion
Q1.1 What messages are covered by the UEMO?
A1.1

There are many types of Unsolicited Electronic Messages ("UEM"), for example, electronic marketing messages promoting products or services that can be sent as text and pre-recorded voice messages to telephones, to fax machines or to email addresses.

The UEMO cover any messages:
  1. with a commercial purpose (e.g. promoting a product or service or a service provider);
  2. sent over a public telecommunications service (e.g. pre-recorded voice messages sent to a mobile number, SMS messages, faxes, emails); and
  3. with a Hong Kong link:
    • in general, sent from HK or received in HK;
    • but also include sent to a Hong Kong telephone number which may have roamed outside of HK

    except for messages that fall into the exemptions as provided in Schedule 1 of the UEMO.

    Back to the top

Q1.2 Can you give some examples of electronic messages covered by the UEMO?
A1.2

Examples of electronic messages covered by the UEMO are:

  • a pre-recorded voice message sent to a Hong Kong mobile telephone number, selling any products or services such as medical services;
  • a fax advertisement sent to a company in Hong Kong, selling any products or services such as printer toner cartridges; and
  • an email sent to an email address which the registered user accessed whilst physically in Hong Kong, offering any products or services such as printing of business cards.

Back to the top

Q1.3 What are the exemptions?
A1.3

The UEMO contains a list of exempted electronic messages in Schedule 1. The regulatory requirements will NOT apply to those messages, including:

  • person-to-person calls;
  • messages sent in response to the recipient's specific requests, such as fax-on-demand; or
  • messages such as invoices or receipts to confirm a commercial transaction that the recipient has previously agreed to enter into with the sender.

Back to the top

Q1.4 Does it cover commercial electronic messages sent from overseas?
A1.4

Yes, commercial electronic messages received in Hong Kong are covered (whether the recipient is a Hong Kong resident or not). In addition to enforcement under the UEMO, we maintain close liaison with overseas enforcement agencies to join forces in combating spam-related crimes.

Back to the top

Q1.5 Am I protected when my mobile has roamed to an overseas network?
A1.5

Yes, as long as your mobile number is a Hong Kong mobile number, it is immaterial where you receive the message and the UEMO will still be applicable.

Back to the top

Q1.6 Will a message sent by a non-profit making / charitable / religious organisation be considered to be commercial in nature and therefore be regulated under the UEMO?
A1.6

The UEMO regulates commercial electronic messages that have a Hong Kong link. The definition of "commercial electronic message" is given in section 2 of the UEMO. Whether a message is commercial in nature has to be determined on a case-by-case basis, taking into account matters including the purpose and content of the concerned message. The nature of the sending organisation is not the only factor that would be considered. If the purpose (or one of the purposes) of the message sent by a non-profit making / charitable / religious organisation meets the criteria set under section 2 of the UEMO, the message would be considered as a commercial message.

Back to the top

Q1.7 Apart from the UEMO, what other measures are used by the government to control the UEM problem?
A1.7

The UEMO is one of the multi-pronged approaches (the STEPS campaign) to tackle the problems of UEMs. For information regarding other measures under the STEPS campaign, please refer to http://www.infosec.gov.hk/english/yourself/soans.html.

Back to the top

Q1.8 What are the penalties for these offences?
A1.8

Any individual or business contravening the UEMO may be liable to a fine or imprisonment, according to the following:

OffencesEnforcement agencyPenalties
Fraud and other illicit activities related to sending of multiple commercial electronic messages The Hong Kong Police Force but CA will carry out preliminary investigation and act as the first point of contact for public reporting Unlimited fine as set by the court and/or imprisonment up to ten (10) years
Use of unscrupulous techniques to expand the reach of commercial electronic messages

CA

A fine up to HK$1 million and/or imprisonment up to five (5) years
Contravention of the rules for sending commercial electronic messages CA An enforcement notice may be served to the offender. Contravention of the notice may attract a fine up to HK$100,000 on the first conviction

In addition, anyone who has suffered loss or damage as a result of a contravention of the UEMO may take his/her own individual civil action against those who committed the contraventions, irrespective of whether they have been convicted.

Back to the top

Q1.9 What is an enforcement notice and what is the penalty if an offender breaches the enforcement notice?
A1.9

If, following the completion of an investigation, the CA is of the opinion that a person has contravened the rules of sending commercial electronic messages and it is likely that the contravention will continue or be repeated, then the CA will issue an enforcement notice to that person specifying the contravention and the steps required to remedy the contravention within a prescribed period of time.

Contravention of an enforcement notice is an offence, punishable by a fine up to HK$100,000. Continuing offences would be punishable by a further fine of HK$1,000 a day.

Back to the top

Q1.10 Can I claim damages from the sender who breached the UEMO?
A1.10

Anyone who has suffered loss or damage as a result of a contravention of the UEMO may take his/her own individual civil action against those who committed the contraventions, irrespective of whether they have been convicted.

Back to the top

Q1.11 What is an opt-out regime?
A1.11

Under an opt-out regime, a sender may send out unsolicited messages to electronic addresses if he/she follows the rules of sending of commercial electronic messages. The rules include:

  1. to include sender information in the message to enable the recipients to identify who the senders (or the organisations authorising the sending of the message) are and how to contact them;
  2. to provide one or more unsubscribe facilities, and describe such facilities in the message, to enable the recipients to send unsubscribe requests to the party authorising the sending of the message;
  3. to cease sending further messages to those electronic addresses which the registered users has submitted an unsubscribe request via the unsubscribe facility; and
  4. not to send commercial electronic messages to electronic addresses which are listed in do-not-call registers.

The registered user of the receiving electronic address can:

  1. find out from the message who the sender is and contact the sender if necessary;
  2. stop further commercial electronic messages from the same sender at his/her electronic address by using the provided unsubscribe facility to send an unsubscribe request to the sender; and
  3. stop further commercial electronic messages from all senders (except those to whom consent is given) at his/her electronic address by registration in the Do-not-call Registers.

The opt-out regime can be contrasted with the opt-in regime in which prior consent must be obtained from the registered user of an electronic address before a commercial electronic message can be sent.

Back to the top

Q1.12 There are three legal documents, namely the UEMO, the UEM Regulation ("UEMR") and the Code of Practice ("CoP"). How do they fit together?
A1.12

The Unsolicited Electronic Messages Ordinance (UEMO) is the main body of the legislation. The Unsolicited Electronic Messages Regulation (UEMR) is the subsidiary legislation prescribing detailed requirements relating to "sender information" and "unsubscribe requests" to be included in messages. The Code of Practice provides guidance in respect of the application or operation of the provisions of the UEMO. Although codes of practice are not statutory requirements and failure to observe such codes of practice would not be subject to legal proceedings, they represent the views of the CA on how certain statutory provisions should be applied or operated and are admissible in evidence in legal proceedings. If the court is satisfied that a code of practice is relevant to determining a matter at issue, failure to observe the code of practice may be relied upon to establish or negate that matter.

Back to the top

2.Rules of sending of commercial electronic messages

Point NumberQuestion
Q2.1 What are the rules of sending of commercial electronic messages under Part 2 of the UEMO?
A2.1
Rules for Sending Commercial Electronic MessagesExamples of Contravention of the RulesPenalty

A sender of commercial electronic message shall:

  • not hide the calling line identification (CLI) when sending messages to telephones;
  • not send out email messages with misleading subjects;
  • identify oneself and provide contact information;
  • offer a way for recipients to unsubscribe from receiving further messages and honour such requests within ten (10) working days; and
  • not send commercial electronic messages to electronic addresses registered in the do-not-call registers unless consents have been given by the recipients to receive those messages.
  • Pre-recorded voice messages to telephones with CLI withheld;
  • Fax advertisements without providing a way for recipients to decline receiving further faxes;
  • Continuing to send commercial electronic messages to a recipient despite his/her unsubscribe request; or
  • Sending commercial electronic message to electronic addresses registered in the do-not-call registers without the consent of the registered users of those electronic addresses.

CA may issue enforcement notice to first time offenders. If the offender contravenes the enforcement notice, he/she is liable to a maximum fine of $100,000.

CA is the enforcement agency for Part 2 of the UEMO.

Back to the top

Q2.2 What sender information should appear in a commercial electronic message?
A2.2

In the case of pre-recorded voice or video messages, the required sender information includes the sender's name, address and contact telephone number. Instead of directly providing the address and contact number, the sender may provide a facility by which the recipient may enter a key specified in the message to immediately request to be provided with the address and the contact telephone number.

In the case of fax, the required sender information includes the sender's name, address and contact telephone number.

In the case of SMS, the required sender information includes the sender's name, address and contact telephone number. The address may be omitted from the message if the recipient is able to obtain the address by using the contact telephone number.

In the case of email, the required sender information includes the sender's name, address, contact telephone number and contact email address.

Back to the top

Q2.3 Is it okay to provide a P.O. box number as the address?
A2.3

No. The address required under the UEMR, in relation to an individual or organisation, means the address of his or its usual place of business, but does not include a postal box address.

Back to the top

Q2.4 What unsubscribe facilities should be provided?
A2.4

The UEMR (section 9) requires that:

  1. in the case of SMS, at least a HK telephone number with which unsubscribe requests may be made orally or by entering key inputs has to be provided as the unsubscribe facility;
  2. in other cases, at least one of the unsubscribe facilities provided must be capable of receiving an unsubscribe request transmitted from the telecommunication device that is used by the recipient to access the message. Guidance is further given in the CoP such that:
    1. in the case of pre-recorded voice or video telephone calls, at least one unsubscribe facility should be activated by key input of a specified one-digit number, and should be ready for use immediately after the unsubscribe facility statement has been given and should be available throughout the duration when the rest of the message is being played;
    2. in the case of a facsimile, at least one unsubscribe facility should be a Hong Kong facsimile number; and
    3. in the case of an email, at least one unsubscribe facility should be an email address, a web page or a web address;

Back to the top

Q2.5 If I made an unsubscribe request to a sender, when should he/she stop sending me further commercial electronic messages?
A2.5

The sender should, within 10 working days from the day on which the unsubscribe request is sent, stop sending any further commercial electronic messages to the electronic address in respect of which the unsubscribe request was sent.

Back to the top

Q2.6 In what language should the sender information and the unsubscribe facility statement be provided in the message?
A2.6

Section 6 and 7 of the UEMR requires the sender information and the unsubscribe facility statement to be given in both Chinese and English. However, if the recipient has indicated to the sender that these can be given solely in one language (for example, by asking the recipient for his language preference at the beginning of the pre-recorded voice message), the sender may give the information solely in that language.

It is recognised that some individual or organisation may not have a Chinese name. Similarly, an overseas company will have difficulty to provide their address in Chinese. Section 6(3) and (4) of the UEMR provides that in such circumstances, the particular information of name and address can be given in either Chinese or English only.

Back to the top

Q2.7 Is there any requirements on the presentation of sender information and unsubscribe facility statement?
A2.7

The UEMR imposes some conditions on the order of presenting the sender information and the unsubscribe facility statement in the case of pre-recorded voice or video messages. This is aimed to facilitate the recipients to identify the sender and decide whether to listen on quickly.

If the sender is providing a key input to request for address and/or telephone number, the name of the sender, the key and the unsubscribe facility statement should be presented at the beginning of the message, in the order of:

  1. first, the name
  2. secondly, the unsubscribe facility statement; and
  3. thirdly, the specified key input (section 8(3) of the UEMR).

Otherwise, the sender information and the unsubscribe facility statement should be presented at the beginning of the message, in the order of:

  1. first, the name;
  2. secondly, the unsubscribe facility statement; and
  3. thirdly, other sender information including the contact telephone number and address (section 8(2) of the UEMR).

In addition, the CoP suggests that the sender information and the unsubscribe facility statement should be presented at such speed so as to be reasonably audible (paragraphs 6.3(a) and 8.3(a) of the CoP).

For fax or email messages, the CoP has provided guidelines in paragraph 6 and paragraph 8. In general, the CoP suggests that the sender information can be presented prominently at the top, or the bottom, of the first page of the fax message or the body of the email message. The sender information should be reasonably visible in terms of font size, position and contrast.

Similarly, the unsubscribe facility statement should be:

  1. prominently displayed either at the top or at the bottom of the first page of the fax message;
  2. reasonably visible in terms of font size, position and contrast; and
  3. separate and distinguishable from the commercial content of the message.

For SMS, the CoP has detail guidelines on the label to precede the contact telephone number and the unsubscribe facility telephone number. Details can be found in paragraph 6.4 and 8.4 of the CoP.

Back to the top

Q2.8 Is it a breach if an unsubscribe request is made by calling a telephone number many times, but the line is busy all the time?
A2.8

Section 9(1)(f) of the UEMO requires the unsubscribe facility to be reasonably likely to be capable of receiving the recipient's unsubscribe request at all times during a period of at least 30 days after the message is sent. The CoP gives further guideline that if a telephone number or a facsimile number is provided as the unsubscribe facility, the sender should use reasonable endeavours and take into account the volume and rate of commercial electronic messages being sent to design the capacity of the concerned telecommunications line (and the relevant human resources if applicable) so that the unsubscribe facility has adequate capacity to receive the incoming unsubscribe requests.

Back to the top

Q2.9 How should a sender record the unsubscribe requests?
A2.9

According to section 9(3) of the UEMO, the sender should retain a record of unsubscribe requests in a format in which they were originally received, or in a format that can be demonstrated to represent accurately the information originally received, for at least 3 years after their receipt.

Therefore, how the record should be kept depends on the actual unsubscribe facility provisioned. If you are taking the suggestions given the CoP to provide the unsubscribe facility, you would be able to retain a record of the unsubscribe request in the following formats:

Type of MessageUnsubscribe FacilityFormat of record
Pre-recorded voice or video messages A one-digit key pressed during the pre-recorded voice or video call A digital record of the recipient numbers who has pressed the specified key
Fax A fax number Keep the received fax as record.You may further streamline the process by using an electronic fax service as unsubscribe facility, or scanned the received fax pages, so that the record can be kept digitally.
Email An email account, a web address / web page Keep the received email or the computer log for the submission via the web page for record purpose.
SMS A telephone number for receiving unsubscribe request orally, or by pressing a key.

In the case of using an IVRS to accept a key pressed, a computer log file may be kept as record.

If oral unsubscribe request is to be accepted, you may, subject to compliance with the Personal Data (Privacy) Ordinance (Cap.486) and any applicable law, record the actual conversation in order to meet the statutory requirement.

Back to the top

3.Unscrupulous techniques to reach out to more recipients (Part 3 of the UEMO)

Point NumberQuestion
Q3.1 What is meant by unscrupulous techniques to reach out to more recipients?
A3.1

The offences in Part 3 of the UEMO are unscrupulous techniques to expand the reach of commercial electronic messages. In general, there are legitimate uses of these techniques in isolation.However, if they are used in connection with the sending of commercial electronic messages, the sender will be able to send out messages to more recipients or in a shorter time.These techniques are prohibited for use in connection with the sending of commercial electronic messages, so as to minimise the nuisance caused to recipients.

OffencesExamples of Prohibited ActivitiesPenalty

Part 3 of the UEMO – use of unscrupulous techniques to reach out to more recipients, including:

  • supply, acquisition or use of telephone number or email address harvesting software1/ harvested address lists for sending commercial electronic messages without the consent of the recipients;
  • generating electronic addresses by automated processes to send a commercial electronic message;
  • use of scripts or other automated means to register for five (5) or more email addresses to send multiple commercial electronic messages; or
  • relay or retransmission of multiple commercial electronic messages to deceive or mislead recipients as to the source of such messages.
  • Selling of harvested address list for the use of sending commercial electronic messages;
  • Use of address harvesting software to capture from a web site email addresses, whose owners have not given consent, for sending of commercial electronic messages;
  • Dictionary or brute force attack in spam emails; or
  • Use of open relay or open proxy to hide the sender's source email address.

A fine up to HK$1 million and/or imprisonment up to five (5) years

The enforcement agency for Part 3 of the UEMO is CA.

1 Address harvesting software means software that is specifically designed or marketed for use for searching the Internet or a public telecommunications network, and collecting electronic addresses such as telephone numbers or email addresses

Back to the top

Q3.2 What are the requirements on the technical infrastructure from which the messages are sent?
A3.2

The UEMO also places a number of requirements on how commercial electronic messages should be sent using technical infrastructure. These requirements include:

  1. Not to use automated means to generate an electronic address to which a commercial electronic message is sent (section 18 of the UEMO);
  2. Not to use scripts or other automated means to register for 5 or more email addresses (section 19 of the UEMO);
  3. Not to relay or retransmit multiple commercial electronic messages with the intent to deceive or mislead recipients, or any telecommunications service provider, as to the source of such messages (section 20 of the UEMO);
  4. Not to access a telecommunications device without authorisation to send multiple commercial electronic messages (section 22 of the UEMO);
  5. Not to initiate transmission of multiple commercial electronic messages from a telecommunications device, service or network without authorisation, with the intent to deceive or mislead recipients as to the source of such messages (section 23 of the UEMO);
  6. Not to falsify header information in multiple commercial electronic messages and send such messages (section 24 of the UEMO);
  7. Not to register for 5 or more electronic addresses or 2 or more domain names with information that materially falsifies the identity of the actual registrant, and knowingly initiates the transmission of multiple commercial electronic messages from such electronic addresses or domains; and
  8. Not to falsely represents as the registrant of 5 or more electronic addresses or 2 or more domain names, and knowingly initiates the transmission of multiple commercial electronic messages from such electronic addresses or domains.

In summary, you should:

  • Only use email addresses or domains that are legitimately registered with true identification information;
  • Leave it to the email software to create the email header information;
  • Not send your email through open/unauthorised relay or proxy;
  • Not to use automated means to generate email addresses; and
  • Not to use throwaway email accounts.

Back to the top

Q3.3 What is address harvesting?
A3.3

In order to expand the reach of messages, spammers may make use of address-harvesting software and/or harvested-address lists when creating distribution lists. Address-harvesting software is defined in section 14(1) of the UEMO and in general, means software specially designed to search the Internet or a public telecommunications network to collect electronic addresses.

The UEMO bans the supply, acquisition or use of address-harvesting software and/or harvested-address lists for the purpose of sending UEMs. If you are supplying or acquiring address list for marketing purposes, you should make sure that such lists are not created by using address-harvesting software.

Businesses and organisations, which need to publish their email addresses on the Internet, may consider displaying the addresses in a way that makes address harvesting more difficult. For tips on protecting email addresses from being harvested and other methods to reduce incoming spam, please refer to the Government's Information Security (InfoSec) web site.

Back to the top

Q3.4 What are dictionary attack and brute force attack?
A3.4

Dictionary or brute force attacks are often referred to as automated techniques used by email spammers to reach out to a large number of email recipients easily. These techniques try to use an automated means to mix/join all possible words/names or combinations of letters and alphabets to formulate recipient email addresses with a hope to reach some valid mailboxes. The ban on the use of such automated techniques under the UEMO is not only limited to email messages, but rather generally on all types of electronic messages. Lists generated manually are not prohibited.

Back to the top

Q3.5 Why does the UEMO prohibit the use of scripts to register five or more email accounts?
A3.5

Scripts or other automated means to create multiple email accounts are occasionally used by system administrators or telecommunications service providers to perform administration of information systems efficiently. However, these are also used by email spammers to create multiple email accounts for temporary use to send spam email messages. The spammers will normally discard these email accounts after a short while and move on to a new set, in order to avoid detection.

The UEMO bans the use of scripts or automated means to register for five or more email accounts for subsequent sending of multiple UEMs.

Back to the top

Q3.6 What is an open relay and why is it a problem?
A3.6

An open relay refers to an email server that lets a third-party send emails to other parties. It comes about when the mail server processes a mail where neither the sender nor the recipient is a local or a known user to the server. Email sent in this way will only bear the email server's IP address and not that of the third-party.

By exploiting open relays, email spammers can conceal their true IP addresses so that recipients of the spam email messages have no means to find out the real source. Such exploitation is prohibited under the UEMO.

It is possible for a computer to be running an open proxy or open relay without the knowledge of the computer's owner. This can be the result of mis-configuration of email server running on their computer, or of infection with malware (such as viruses, trojans or worms). To better protect yourselves and your company, IT administrators should ensure that:

  • their network and computers are protected with the right security arrangements;
  • their servers are not running any open relay or open proxy software; and
  • their email messages are not routed through any relay or proxy not under their control.

If in doubt, you should consult qualified IT security professionals.

Back to the top

4.Fraud and other illicit activities related to the sending of multiple commercial electronic messages (Part 4 of UEMO)

Point NumberQuestion
Q4.1 What is meant by fraud and other illicit activities related to the sending of multiple commercial electronic messages?
A4.1

The offences in Part 4 of the UEMO are fraud and other illicit activities related to the sending of multiple commercial electronic messages.In general, these activities are associated with professional spammers that send out large quantity of messages.The professional spammers use these techniques to cover their track and avoid being identified.

OffencesExamples of Prohibited ActivitiesPenalty

Part 4 of the UEMO – fraud and other illicit activities related to the sending of multiple2 commercial electronic messages, including:

  • accessing a telecommunications device without authorisation to send multiple commercial electronic messages;
  • sending of multiple commercial electronic messages from a telecommunications device without authorisation with a view to deceiving or misleading recipients about the source;
  • falsifying header4 information in multiple commercial electronic messages and sending of such messages;
  • registering for electronic addresses or domain names using information that falsifies the identity of actual registrants to send multiple commercial electronic messages; and
  • falsely representing to be the registrant of an electronic address or a domain name to send multiple commercial electronic messages.
  • Hacking into computers to send multiple commercial electronic messages;
  • Use of zombie3 computers to send multiple commercial electronic messages; or
  • Sending of multiple commercial emails with email header4 information falsified.

Unlimited fine as set by the court and/or imprisonment up to ten (10) years

As these activities are fraudulent in nature, these cases will be investigated by the Hong Kong Police Force. Reports may be raised to CA by filling in a report form, and CA will review and classify the cases. Cases falling into this category will then be referred to Hong Kong Police Force for handling.

2 "Multiple commercial electronic messages" mean transmission of more than 100 commercial electronic messages during a 24 hour period, or more than 1000 commercial electronic messages during a 30-day period.

3 A computer attached to the Internet that has been compromised by a hacker, a computer virus, or aTrojan program. Such computers are usually used to perform malicious tasks such as spamming under remote direction, with the owner normally unaware of such tasks.

4 Header is machine-generated information about the source or routing of the electronic message such as calling line identifications or IP addresses.It does not include the 'from' field in email message which can easily be altered by senders.

Back to the top

5.What to do if a commercial electronic message is received?

Point NumberQuestion
Q5.1 I am receiving commercial electronic messages, what can I do about these?
A5.1

With the UEMO fully effective from 22 December 2007,:

  • you can register your fixed, mobile or fax numbers in the do-not-call registers;
  • you can use the unsubscribe facility provided in the commercial electronic message to send an unsubscribe request to the sender;
  • you can report any contravention to the rules for sending commercial electronic messages to CA. These rules include:
    • the sending of commercial electronic messages without accurate sender information for you to contact the sender;
    • the sending of commercial electronic messages without providing you with "unsubscribe" facilities;
    • not honouring your "unsubscribe" request within ten (10) working days;
    • the sending of commercial electronic messages to any telephone or fax number registered in the do-not-call registers (applicable to fax, short messages and pre-recorded messages only) starting from the tenth (10) working day of its registration, unless consent has been given by the registered user of the relevant telephone or fax number;
    • using misleading subject headings in commercial email messages; and
    • withholding CLI when sending a commercial electronic messages to a telephone number.
    CA will investigate and may issue enforcement notice to the sender;
  • if you suspect that someone is selling or using harvested address lists, you should report it to CA. CA will investigate and may take prosecution action against the seller or user; and
  • if you suspect that your computer has been hacked by someone to send out commercial electronic messages, you should report it to CA. CA will collate reports and may transfer the case to the Hong Kong Police Force where applicable.

 

Back to the top

Q5.2 What should I do if I received a person-to-person marketing call?
A5.2

Person-to-person marketing calls are not within the scope of the UEMO. However, if you believe that these calls are made using your personal data for direct marketing (e.g. the caller is able to identify you), you can report the case to the Office of the Privacy Commissioner for Personal Data (PCPD). For more information, please see PCPD's website at http://www.pcpd.org.hk/.

Back to the top

Q5.3 What should I do if I received phishing emails?
A5.3

In general, phishing emails are not covered by the UEMO but rather by other criminal law. You may report them to the Hong Kong Police Force.

Back to the top

Q5.4 Should I complain or reply to the sender in order to avoid receiving further commercial electronic messages?
A5.4

You have the right to ask a sender of commercial electronic messages to stop sending you further messages by making an unsubscribe request and the sender must honour such request. By keeping a record of the unsubscribe requests made, you may assist investigation if such request is not honoured.

Nevertheless, some commercial electronic messages, especially email spams, are sent by professional spammers, rather than legitimate businesses. If you receive an email that seems dubious, for example, the subject line or sender looks suspicious, it is safer to delete it immediately without opening it. Do not reply and do not click on any links, including 'unsubscribe' links. Doing so may result in even more spam because the action confirms that your email address is a valid address.

Back to the top

Q5.5 How to report suspected breach of the Ordinance?
A5.5

If you wish to make a report to CA, please fill in the report form posted on our web site or obtainable through our fax-on-demand service (please call 2961 6333). The form can be filled in online or can be sent:

by post to :
    UEM Section
    Office of the Communications Authority
    29/F, Wu Chung House, 213 Queen's Road East
    Wan Chai, Hong Kong

by fax to : 3155 0956

You may also report any contravention by a letter to the above postal address. The letter should include the following information:

  • your full name;
  • your postal address, contact telephone number, fax number or email address;
  • the type of message received, receiving electronic address, the date and time the message was received, and other contact information provided in the message, such as telephone number;
  • details of the suspected breach; and
  • any other documents that would assist us to handle your report, such as the fax received.

In case you have difficulty in expressing yourself in writing, you may contact us by calling 29616333 (from 8:30am to 5:45pm, Monday to Friday except public holidays). Our officer can help to fill in the report form for you. To ensure accuracy, the completed form will be sent by post or by fax to you for your confirmation and signature.

Back to the top