A data breach is generally taken to be a suspected breach of data security of personal data held by a data user, by exposing the data to the risk of unauthorised or accidental access, processing, erasure, loss or use.
While it is not a statutory requirement on data users to inform the PCPD about a data breach incident concerning the personal data held by them, data users are nevertheless advised to do so as a recommended practice for proper handling of such incident. You may make reference to our "Guidance on Data Breach Handling and the Giving of Breach Notifications" before submitting a data breach notification.
For submitting a data breach notification to the PCPD, please click here to download the Data Breach Notification Form. You can then fill in the form by making reference to the “Notice” and “Information Notes” contained therein.
After completing the form, please submit it and other relevant documents concerning the data breach (if any) which you wish to provide by clicking the icon below and following the instructions.
Personal Information Collection Statement:
Please be advised that it is voluntary for you to supply to the PCPD your personal data. All personal data submitted will only be used for purposes which are directly related to this data breach notification and the exercise of the regulatory powers and functions of the Privacy Commissioner for Personal Data.
You have the right to request access to and correction of your personal data held by the PCPD. Request for access or correction of personal data should be made in writing to the Data Protection Officer at the address: 12/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong.
The personal data submitted may be transferred to parties who may be contacted by the PCPD during the handling of this case including agencies who are authorised to receive information relating to law enforcement or prosecution.