PCO Office of the Privacy Commissioner for Personal Data, Hong Kong image image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
Annual ReportCode of Practice & Explanatory BookletConsultation Document/Report
NewsletterGuidance Note & Fact SheetLeaflet & FormOpinion Survey
OthersInvestigation Report / Inspection ReportInformation Book
image

Publications and Videos
Investigation Report  / Inspection Report

 

Investigation Report

   
1. Unfair collection of personal data by the use of “blind” recruitment advertisement
(Report Number: R14–6242; Date issued: 29 May 2014)

2. Collection of Excessive Personal Data from Membership Applicants by J.V. Fitness Limited (trading as California Fitness)
(Report Number: R13–12828; Date issued: 5 December 2013)

3. Hong Kong Police Force’s Repeated Loss of Documents Containing Personal Data
(Report Number: R13–0407; Date issued: 24 October 2013)

4. The Hong Kong Police Force leaked internal documents containing personal data via Foxy
(Report Number: R13–15218; Date issued: 24 October 2013)

5. Hospital Authority's breach of data security in connection with disposal of patient records
(Report Number: R13–6740; Date issued: 24 October 2013)

6. Glorious Destiny Investments Limited and Brilliant United Investments Limited Publicly Disclosed Litigation and Bankruptcy Information Collected from the Public Domain to Their Customers via Smartphone Application "Do No Evil"
(Report Number: R13–9744; Date issued: 13 August 2013)

7. Transfer of Personal Data Collected Unfairly from the Public by HK Preventive Association Limited to AEGON Direct Marketing Services Insurance Broker (HK) Limited for Use in Direct Marketing
(Report Number: R13–1138; Date issued: 9 April 2013)

8. The Collection and Use of Personal Data of Members Under the MoneyBack Program run by A.S. Watson Group (HK) Limited through “Watsons”
(Report Number: R12–3890; Date issued: 11 October 2012)

9. The Collection and Use of Personal Data of Members Under the MoneyBack Program run by A.S. Watson Group (HK) Limited through “PARKnSHOP”
(Report Number: R12–3888; Date issued: 11 October 2012)

10. The Collection and Use of Personal Data of Members Under the Fun Fun Card Program run by The China Resources Vanguard (Hong Kong) Company Limited
(Report Number: R12–0080; Date issued: 11 October 2012)

11. The Collection and Use of Personal Data of Members Under the Mann Card Program run by The Dairy Farm Company Limited
(Report Number: R12–0079; Date issued: 11 October 2012)

12. Unfair Collection of Two Artistes' Personal Data by FACE Magazine Limited
(Report Number: R12–9164; Date issued: 28 March 2012)

13. Unfair Collection of an Artiste's Personal Data by Sudden Weekly Limited
(Report Number: R12–9159; Date issued: 28 March 2012)

14. Collection of Employees' Personal Data by Covert Recording Device by Hong Yip Service Company Limited
(Report Number: R12–4839; Date issued: 14 February 2012)

15. Collection of Vehicle Owners' Personal Data from Register of Vehicles for Direct Marketing by Imperial Parking (HK) Limited
(Report Number: R12–3428; Date issued: 14 February 2012)

16. Transfer of Customers' Personal Data by CITIC Bank International Limited to unconnected third parties for direct marketing purposes
(Report Number: R11–1745; Date issued: 15 December 2011)

17. Prolonged Retention of Customers' Bankruptcy Data by Hang Seng Bank Limited
(Report Number: R11-6121; Date issued:
15 December 2011)

18. Collection of Data from Savings Account Applicants by Hang Seng Bank Limited
(Report Number: R11-8371; Date issued:
15 December 2011)

19. Inland Revenue Department Failed to Take All Reasonably Practicable Steps to Ensure the Accuracy of a Taxpayer's Address
(Report Number: R11–11778; Date issued: 20 June 2011)

20. Collection and Use of Customers' Personal Data by Industrial and Commercial Bank of China (Asia) Limited in Direct Marketing
(Report Number: R11-7946; Date issued:
20 June 2011)

21. Transfer of Customers' Personal Data by Wing Hang Bank, Limited to a Third Party Insurance Company for Direct Marketing
(Report Number: R11-2853; Date issued:
20 June 2011)

22. Transfer of Customers' Personal Data Collected from On-street Promotional Activities by Citibank (Hong Kong) Limited to a Third Party Insurance Company
(Report Number: R11-1982; Date issued:
20 June 2011)

23. Transfer of Customers' Personal Data by Fubon Bank (Hong Kong) Limited to an Insurance Company without Customers' Consent
(Report Number: R11-1696; Date issued:
20 June 2011)

24. A Telecommunications Company Authorized Another Company to Make Direct Marketing Calls
(Report Number: R10-4422; Date issued: 17 November 2010)

25. The Collection and Use of Personal Data of Members under the Octopus Rewards Programme run by Octopus Rewards Limited
(Report Number: R10-9866; Date issued: 18 October 2010)

26.
Transfer of Personal Data of Customers by Beauty Centre without Customers' Consent
(Report Number: R10-13416; Date issued: 30 July 2010)

27. Bank Imposing Fee at a Flat Rate for Complying with a Data Access Request
(Report Number: R10-5528; Date issued: 24 February 2010)

28. Debt Collection Agency authorized by a Finance Company Disclosed Personal Data of Debtor's Family Members During Debt Recovery
(Report Number: R10-11568; Date issued: 24 February 2010)

29. Food Company Collecting Participants' Personal Data in Lucky Draw Activity
(Report Number: R09-3658; Date issued: 7 August 2009)

30. Tutorial Centre Using a Student's Results Notice for Promotion without the Student's Consent
(Report Number: R09-2902; Date issued: 3 August 2009)


31. Employer Collecting Employees' Fingerprint Data for Attendance Purpose 
(Report Number: R09-7884; Date issued: 13 July 2009)


32. University refusing to comply with data access request in relation to examination marking
(Report Number: R08-10578; Date issued: 19 January 2009)


33. Loss of Patient's Personal Data by United Christian Hospital
(Report Number: R08-1935; Date issued: 24 December 2008)


34. Collection of Personal Data by Credit Provider for Business Promotion
(Report Number: R07-6168; Date issued: 21 September 2007)
   
35.

The Disclosure of Email Subscriber's Personal Data by Email Service Provider to PRC Law Enforcement Agency
(Report Number: R07-3619; Date issued: 14 March 2007)

Glossary and Annexures

Reference can also be made to the Administrative Appeals Board's Decision.
(Administrative Appeal No.16 of 2007; Date of Hearing: 25 September 2007,
Date of handing down Decision with Reasons: 26 November 2007)

   
36.

Must Take Security Measures to Protect Personal Data when Engaging Outsourced Contractor
(Report Number: R06-2599; Date issued: 26 October 2006)

Annex A

   
37. The practice of collection of employees' personal data by pinhole cameras without proper justification is excessive and unfair in the circumstances of the case
(Report Number: R05-7230; Date issued: 8 December 2005)
   
38. Unfair collection and disclosure of personal data
(Report Number: R97-1948; Date issued: 13 October 1997)

Inspection Report

1. Report on the Inspection of the Personal Data System of the Student Financial Assistance Agency
(Report Number: R14-3771; Date issued: 23 January 2014)

2. Report on the Inspection of the Personal Data System of the MTR’s CCTV System
(Report Number: R13-2768; Date issued: 9 April 2013)

3. Report on the Inspection of the Personal Data System of The Trial Scheme on School Drug Testing in Tai Po District
(Report Number: R12-5825; Date issued: 26 July 2012)

4. Report on the Inspection of the Personal Data System of TransUnion Limited
(Report Number: R11-3803; Date issued: 15 March 2011)

5. Report on the Inspection of the Hospital Authority's Patients' Data System
(Report Number: R08-4232; Date issued: 22 July 2008)

 


  imageNotice/ Copyright © Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer

The contents of this website (including all uploaded publications) must be read subject to the Personal Data (Privacy) (Amendment) Ordinance 2012. Full Version