Skip to content

PCPD e-Newsletter

Facebook Youtube

Seminar on "Watch Out Your Online Profile – Personal Cyber Credibility and Solutions"

The PCPD has the privilege to have representatives of the Hong Kong Innovative Technology Development Association to talk with DPOC members on personal cyber credibility. This seminar will examine technology risks and common cyberattacks that threaten safety of personal digital identity. It will also review impersonation risk, personal cyber credibility reference, and solutions.

Date: 15 October 2019 (Tuesday)
Time: 4:00pm – 5:30pm
Venue: Lecture Room, Office of the Privacy Commissioner for Personal Data, 12/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong
Language: Cantonese
Speakers: Mr Leonard Chan, President, Hong Kong Innovative Technology Development Association
Mr Leo Tong, Vice President (Professional Development), Hong Kong Innovative Technology Development Association

-   Personal cyber security landscape
-   Online security tips
-   Selected technology risks and common cyberattacks
-   Digital identity & profile
-   Impersonation risk and cyber credibility

Seats are offered on a first-come-first-served basis.

Enrol now!

PCPD Responds to Doxxing of Participants in “Community Dialogue” and Warns that It is a Criminal Offence (28 September 2019)


Read media statement

Privacy Commissioner Responds Again to Doxxing of Staff of a Media Organisation and Other Individuals (Chinese Version Only) (27 September 2019)


Read media statement

Study: Finance Sector Received More GDPR Fines Than Other Industries

A recent study found that of the GDPR fines administered to date across Europe, the finance sector has received 11 fines, significantly more than any other industry. The majority of these fines were administered for breaches related to the processing of personal data.

Read more

'Right to be Forgotten' on Google Only Applies in EU, Court Rules

Europe's highest court has ruled that the “right to be forgotten” on Google does not extend beyond the borders of the European Union.

Read more

Brexit Manoeuvres: Brexit and Data Protection

With a “no-deal” Brexit increasingly more likely, what steps should businesses be taking in relation to their data protection compliance regimes to prepare for 31 October this year?

Read more

Tips on How to Manage Children’s Online Privacy

After Google agreed to pay a record $170 million fine for violating the Children’s Online Privacy Protection Act, parents need to be vigilant in surveilling online activity as children become increasingly connected to the Internet.  This passage shared useful tips on how to manage children’s online privacy.

Read more



Professional Workshops on Data Protection (October - December 2019) are now open for enrolment!

The Professional Workshops organised by the PCPD are specifically designed for various practitioners to get up to speed on how to comply with the requirements under the Personal Data (Privacy) Ordinance in handling personal data.

Course details Enrol now!

Professional Workshop on Data Protection in Banking/Financial Services (9 October 2019)

This workshop is designed for banking and financial personnel who wish to acquire knowledge on the requirements under Personal Data (Privacy) Ordinance in different aspects of the banking and financial services and the practical ways to deal with them effectively in their daily operation.

Highlights of Course Outline:

-   Code of Practice on Consumer Credit Data
-   Accuracy of customers' contact information
-   Outsourcing the processing of personal data

Enrol now!

Professional Workshop on Data Protection in Human Resource Management (16 October 2019)

Can an employer collect a photocopy of a job applicant's Hong Kong Identity Card? How long should a company keep the personal data of former employees? Can an employee obtain all the comments in his/her appraisal report? These are some of the frequently asked questions about the application of Personal Data (Privacy) Ordinance on human resource management.

Tailor-made for human resource practitioners, this workshop would discuss common questions and good practices in handling personal data in human resource management.

Enrol now!

Student Ambassador Programme 2019

The annual flagship event, Student Ambassador for Privacy Protection Programme cum Partnering School Recognition Programme is around the corner! Participating schools are required to complete 10 missions related to privacy protection in order to become "Partnering Schools" and receive recognitions. The two core missions this year are: the Data Protection Online Game - "Give a 'Like' to good digital citizens" and the "Artificial Intelligence and Privacy Protection" Proposal Competition.

Do encourage youngsters you know to become Student Ambassador for Privacy Protection!

Learn more Game

Hong Kong Lawyer  September 2019 issue: Filter Bubbles and Big Nudging: Impact on Data Privacy and Civil Society

The Privacy Comissioner writes about the emergence of profiling or behavioural tracking, filter bubbles and big nudging in the Internet age, which may infringe people’s privacy, and also prejudice their free participation in civil society.

Read the article

Cyber-bullying – What you need to know

This leaflet provides examples of cyber-bullying to remind members of the public of the privacy and legal issues involved in cyber-bullying, and calls on Internet users to respect the privacy right of others in the cyber world.

Read publication

Q: Why may doxxing (起底) constitute a criminal offence under Personal Data (Privacy) Ordinance?

A: - Under section 64(1) of the Ordinance, a person commits an offence if he discloses any personal data of a data subject obtained from a data user without the data user’s consent with the intention-

  • to obtain gain in the form of money or other property, whether for his own benefit or that of another person; or 
  • to cause loss in the form of money or other property to the data subject.

- Under section 64(2) of the Ordinance, a person commits an offence if he discloses, irrespective of his intent, any personal data of a data subject obtained from a data user without the data user’s consent and the disclosure causes psychological harm to the data subject.

- Doxxing and cyberbullying activities may also involve other criminal offences including criminal intimidation.

Q: What are the legal conseqences of breaching section 64 of Personal Data (Privacy) Ordinance?

A: - Contravention of section 64 of the Ordinance may attract a maximum fine of HK$1,000,000 and imprisonment for 5 years.

- The parties involved may also face civil claims by those affected persons suffering from psychological harm.

Q: What can you do if you are being doxxed?

A: Victims of doxxing are advised to take the following actions:

  1. Make a complaint to the PCPD (Email: Address: Room 1303, 13/F, 248 Queen’s Road East, Wan Chai, Hong Kong);
  2. Request the social media platform or website to remove the doxxing contents;
  3. Review the privacy setting of social media accounts to restrict access to or distribution of the content for better privacy protection.

Extended Reading:

Cyber-bullying - What you need to know

Data Protection Principle 4 - Security of personal data

Travel agency should not distribute flight itinerary list (containing all tour members’ names and e-ticket numbers) to all tour members

The Complaint

The Complainant joined a package tour (the Tour) with a travel agency. On the date of departure, the tour escort distributed a flight itinerary list (the List) to all members of the Tour. The List contained all tour members’ full names, e-ticket numbers and booking reference numbers (the Information). Since each passenger’s full name, date of birth, nationality, passport number and passport expiry date could be accessed via the relevant airline’s website after logging in with the Information, members of the Tour were able to access each other’s said personal data.


Most airlines’ websites allow passengers to login with their names and booking reference numbers / e-ticket numbers for managing their flights. After logging in, passengers are able to manage information in relation to their bookings and flights, which usually include passengers’ nationalities, passport numbers, passport expiry dates and dates of birth. In short, the Information can be used as a key to unlock sensitive personal data of passengers, thus travel agency should keep extra caution when handling the Information. The travel agency admitted that the distribution was unnecessary and might give rise to possible risk of personal data leakage. After PCPD’s intervention, the travel agency had reminded its staff members not to distribute any similar list to tour members. The travel agency had also informed all members of the Tour regarding the possible leakage of their personal data in the present case in writing. The Commissioner issued a warning to the travel agency.

PCPD-supported Event - the 32nd LAWASIA Conference

Know more about this event.


"Privacy Clubhouse" - Radio Drama

"Privacy Clubhouse" - a series of 4 radio drama episodes to help property management practitioners, members of owners’ corporations and the general public better understand the requirements of Personal Data (Privacy) Ordinance (In Cantonese Only).

Listen the drama

For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong         Tel: (852) 2877 7179

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.



The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.