Case Notes

Data access request made to a dental clinic... <more>

Are residents allowed to install smart doorbell equipped with recording function... <more>

Request a credit reference agency (CRA) to delete all information held in its database... <more>

The government department did not accept a Hong Kong Identity (HKID) Card copy with hand-written words... <more>

After the employee left the company, the employer published his/her departure information on a webpage... <more>

Whether disclosing information that data subjects have themselves made publicly available on social media is allowed... <more>

Seeking guidance on how to collect and use fully anonymised, non‑identifiable specimens for a retrospective study... <more>

Incorporated Owners installing door access system with face recognition function... <more>

A former employee of a pet grooming company accessed the online retail system via the accounts of existing employees – DPP 4 – security of person... <more>

Unauthorised access to membership database – DPP 4 – security of personal data... <more>

Loss of portable storage device containing personal data – DPP 4 – security of personal data... <more>

Refusal of data correction request by data user – whether justified – whether data sought to be corrected is expression of opinion – the role of ... <more>

A data access request made by a customer to a dental clinic... <more>

A bank mistakenly treated a customer’s request to change the office address as a change of correspondence address... <more>

A property management company posted a notice containing a tenant’s personal data on the door of his residence... <more>

This case related to DPP3 - Use of personal data , exemptions... <more>

Jurisdiction of AAB – Specified investigation – Administrative Appeals Board Ordinance (Cap. 442) (“Administrative Appeals Board Ordinance”)... <more>

This case related to Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users... <more>