Skip to content

Data Breach Notification

Data Breach Notification

A data breach is generally taken to be a suspected breach of data security of personal data held by a data user, by exposing the data to the risk of unauthorised or accidental access, processing, erasure, loss or use.

While it is not a statutory requirement on data users to inform the PCPD about a data breach incident concerning the personal data held by them, data users are nevertheless advised to do so as a recommended practice for proper handling of such incident. You may make reference to our "Guidance on Data Breach Handling and the Giving of Breach Notifications" before submitting a data breach notification.

For submitting a data breach notification to the PCPD, please click here to download the Data Breach Notification Form. You can then fill in the form by making reference to the “Notice” and “Information Notes” contained therein.

After completing the form, please submit it and other relevant documents concerning the data breach (if any) which you wish to provide by clicking the icon below and following the instructions.

Data Breach Notification
Upload Data Breach Notification Form and other documents:
(At most 20MB in total)
 
  • Please note that if your submission of the Data Breach Notification Form is successful, you will receive a confirmation notification. You may also choose to provide your email address here: , so that the system can send an acknowledgement to your email address.
  • Please input the verification code appearing in the picture on the right*:
     

Personal Information Collection Statement:

Please be advised that it is voluntary for you to supply to the PCPD your personal data. All personal data submitted will only be used for purposes which are directly related to this data breach notification and the exercise of the regulatory powers and functions of the Privacy Commissioner for Personal Data.

You have the right to request access to and correction of your personal data held by the PCPD. Request for access or correction of personal data should be made in writing to the Data Protection Officer at the address: 12/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong.

The personal data submitted may be transferred to parties who may be contacted by the PCPD during the handling of this case including agencies who are authorised to receive information relating to law enforcement or prosecution.