Data Breach Notification

A data breach is generally taken to be a breach of the security of the personal data held by a data user, which results in exposing the data to the risk of unauthorised or accidental access, processing, erasure, loss or use. Depending on the circumstances of the case, the breach in question may amount to a contravention of Data Protection Principle 4 of the Personal Data (Privacy) Ordinance (the Ordinance).

Although it is not mandatory under the Ordinance for data users to give data breach notifications, data users are encouraged to give such notifications in a timely manner to the Office of the Privacy Commissioner for Personal Data (PCPD), the affected data subjects and other relevant parties when a data breach has occurred.

This notification form is for a data user to report a data breach to the PCPD and it may take about 10-15 minutes to complete. You may refer to our “Practical Tips for Handling Data Breach Incident” for more information.

If you find that your privacy rights relating to personal data are being abused or there is any possible breach of the Ordinance which affects your personal data, please go here.

For general enquiries about the Ordinance and the work of the PCPD, please go here.

Personal Information Collection Statement

Basic Information of the data user

User Sector

Information of the Contact Person

Particulars of the data breach incident

Types of personal data involved
Did you engage a service provider / contractor to handle the above personal data?

Assessment of the incident and remedial actions taken

Cause/Suspected Cause of incident
Potential Risk to Data Subject(s)
Were the affected individuals notified?
