Skip to content
Case Notes
Case Notes
year
--Year--
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
Category
--Category--
Appeal case
Complaint case
Compliance case
Enquiry case
By Provisions/DPPs/COPs/Guidelines
--By Provisions/DPPs/COPs/Guidelines--
Proper Handling of Data Correction Request by Data Users
Part 9A of the Ordinance
DPP1 - Purpose and manner of collection of personal data
DPP2 - Accuracy and duration of retention of personal data
DPP3 - Use of personal data
DPP4 - Security of personal data
DPP5 - Information to be generally available
DPP6 - Access to personal data
Code of Practice on Consumer Credit Data
Code of Practice on Human Resource Management
Code of Practice on the Identity Card Number & Other Personal Identifiers
exemptions
Privacy Guidelines: Monitoring and Personal Data Privacy at Work
provisions on direct marketing
Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users
N/A
Section 2 of the Ordinance – definition of “personal data”
Section 37 of the Ordinance
Section 38 of the Ordinance
Section 64 - disclosing personal data
Section 39 of the Ordinance
Section 26 – erasure of personal data
By Topic/Subject Matter
--By Topic/Subject Matter--
Biometrics data
Blind-ad
Complaint Handling Policy
Consumer credit data
Customer data
Data Access Request Fee
Debt collection
E-mail
Education
Election
Employment
Hong Kong Identity Card number / Hong Kong Identity Card copy
Human resources
Installation of CCTV
Internet
Jurisdiction of Personal Data (Privacy) Ordinance
Jurisdiction of the Administrative Appeals Board
Marketing
Media
Medical data
Monitoring
N/A
Personal Information Collection Statement (PICS)
Public Domain
Public register
Section 64 – disclosing personal data obtained without consent from data users
Social services
Spamming
Transfer of data outside Hong Kong
keyword:
Case No.:2017DB02
IT system containing over 11,000 unencrypted patients’ records being hacked – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2016DB04
Online food ordering records leaked to the Internet involving 62,539 customers – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2016DB03
Data leakage via a phishing email involving 6,131 members of an institute – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2016DB02
Unauthorised download of 210,000 customers’ personal data by a contractor – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2016DB01
Credit card data of 11,655 Hong Kong customers hacked by a zero-day malware – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2021DB04
Unencrypted personal data transmitted in mobile applications – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2021DB03
Loss of notebook computer containing work files – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2021DB02
Inadvertent disclosure of students’ personal data via email by a university – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2021DB01
Unauthorised access to an international fashion chain’s customer personal data system – DPP 4 – security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2019C10
This case related to DPP3 - Use of personal data , DPP4 - Security of personal data
... <more>
Areas of Concern:
DPP3
,
DPP4
Case No.:2019C09
This case related to DPP4 - Security of personal data
... <more>
Areas of Concern:
DPP4
Case No.:2019C01
This page only provides Chinese version temporarily
... <more>
Areas of Concern:
DPP3
,
DPP4
,
Exemptions
1
2
3
4
5
6
7