Skip to content

Case Notes

Case Notes

This case related to DPP4 - Security of personal data

Case No.:2018DB03

Websites without secure transmission of personal data – DPP 4 – security of personal data


The PCPD examined around 660 local websites from various sectors which involved the collection of personal data, to evaluate whether the data users concerned provided sufficient security measures for personal data transmitted through their websites. Subsequently, the PCPD initiated compliance checks against 68 of those data users who did not enable Secure Sockets Layer (SSL) or other technical means on their websites to encrypt the data transmitted.

The compliance actions revealed that most of the problematic data users involved were either not aware of the need of security during personal data transmission through Internet or they did not have sufficient knowledge of information technology to make their websites secure.

Remedial Measures

With the PCPD’s advice, the 68 data users had implemented SSL encryption on their websites in order to protect the transmitted personal data against unauthorised interception or access. In view of the positive outcome, the PCPD will continue to carry out similar exercises.

(Uploaded in July 2022)

Category : Provisions/DPPs/COPs/Guidelines : Topic/Subject Matter :