Skip to content

PCPD e-Newsletter

Facebook Youtube

Privacy Campaign for Property Management Industry - Slogan Composition Competition

As property management practitioners and members of owners’ corporations collect and use a sheer amount of personal data, the PCPD has launched the Privacy Campaign for Property Management Industry to promote the culture of protecting and respecting personal data privacy in the industry.

The Campaign comprises a series of events, including the PCPD’s professional workshop on property management (with CPD accreditation) which was held on 26 November, and talks for property management companies and members of owners’ corporations. The Campaign will kick off with the Slogan Composition Competition.

The Slogan Composition Competition is now open for participation! The award-winning  property management companies will be presented with trophies and cash prizes in recognition of their effort and creativity. Deadline for submission will be on 6 December 2019. Don't hesitate and grab the chance to join now!

Join the competition



Practical Workshop on Data Protection Law (3 December 2019)

The numerous massive data breach incidents in the last year or so once again remind us of the importance of data security. For those who are charged with the responsibility of advising on compliance with the Personal Data (Privacy) Ordinance, or simply would like to find out more about it, this is the workshop you should go for. Data Protection Principles, court cases such as Chan Yim Wah Wallace v New World First Ferry Services Limited [HCPI 820/2013] and recent Administrative Appeals Board cases would be discussed.

Enrol now!

Data Protection in Insurance (10 December 2019)

Insurance practitioners handle a large amount of customers' personal data, on paper and online, in their daily work. This workshop would provide practical tips on what insurance practitioners should do to protect customers' personal data when providing insurance services. Core concepts of data protection compliance illustrated by specific scenarios such as collection of customers' medical data, engagement of private investigators in insurance claims and use of customers' data for internal training etc. will be examined.

Enrol now!

Introduction to the Personal Data (Privacy) Ordinance Seminar
Seminars for Jan - Jun 2020 are now open for enrolment !

Sign up now for the introductory seminar on the Personal Data (Privacy) Ordinance to find out more about your obligations as data users and your rights as data subjects. The seminar would walk you through the essence including:

- A general introduction to the Personal Data (Privacy) Ordinance
- The six data protection principles
- Direct marketing
- Offences & compensation

Enrol now!

Privacy Commissioner for Personal Data, Hong Kong 2018-19 Annual Report: Public Authorities Were More Willing Than Private Enterprises to Give Data Breach Notifications (27 November 2019)

Read media statement

Seminar "Managing Sustainable Corporate Cyber Defense" (27 November 2019)

On 27 November, PCPD organised a  seminar "Managing Sustainable Corporate Cyber Defense" for members of the Data Protection Officers' Club as well as the general public.

Our guest speakers, Mr Leo Tong, Vice President of the Hong Kong Innovative Technology Development Association (HKITDA)  and Mr Bernard Lee,  FinTech Committee member of the HKITDA illustrated strategies and solutions to maintain corporate cyber and information management security.



Hong Kong Open TV Programme (開嚟見我) (Cantonese TV Programme)
Interview with Privacy Commissioner Mr Stephen Wong: doxxing on the internet (20 & 21 November 2019)


Watch the 21 Nov episode
Watch the 20 Nov episode

Privacy Commissioner Stephen Kai-yi WONG Welcomed a Delegation of Judges from Shanghai (15 November 2019)



Privacy Commissioner Stephen Kai-yi WONG Attended the 4th Multi-functional Smart Lampposts Technical Advisory Ad Hoc Committee Meeting Organised by the Office of the Government Chief Information Officer (12 November 2019)

Download presentation materials

PCPD 2018 - 2019 Annual Report

The PCPD has published the 2018-19 Annual Report with the theme "Data Stewardship in Action", summarising key statistics and reports on PCPD's work during the reporting year.


Read annual report

Most Americans fear they’ve lost control of their personal information, as Facebook and Google continue to dominate the online ad market

An overwhelming majority of Americans are concerned about companies harvesting their personal information and say the risks outweigh the benefits, according to a new survey from Pew Research Center.

Read more

China is vocally standing up for its data protection and privacy rights

For Chinese people, the year 2018-19 could be considered as the time for ‘wake up’ to privacy.

Read more

Brexit and GDPR may be tiresome but businesses mustn’t bury their head in the sand

Contrary to the belief of many, the United Kingdom’s exit from the European Union does not signal the end of GDPR for the country. There are two potential scenarios of Brexit – deal or no deal – and several potential categories your business may fall into depending on how it uses personal data, so it is a complex area.

Read more

Tim Berners-Lee unveils global plan to save the web

Inventor of web calls on governments and firms to safeguard the web from abuse and ensure it benefits humanity.

Read more

Q: What is cloud computing?

A: As mentioned in the "Cloud Computing" Information Leaflet published by the PCPD, "cloud computing" is referred to as a pool of on-demand, shared and configurable computing resources that can be rapidly provided to customers with minimal management efforts or service provider interaction. The cost model is usually based on usage and rental, without any capital investment.

Q: What are the personal data privacy concerns for data users in the use of cloud computing and how to address them?

A: The personal data privacy concerns for data users in the use of cloud computing are largely related to the loss or lack of control over the use, retention/erasure and security of personal data entrusted to cloud providers. Specifically, four control-related characteristics of the cloud computing business model are of particular concern with regard to personal data privacy protection, namely: 1) rapid transborder data flow, 2) loose outsourcing arrangements, 3) standard services and contracts, and 4) service and deployment models. Data users using cloud services are advised to obtain satisfactory assurance from the cloud providers to address these concerns before they entrust personal data to them.

Extended Reading:
Information Leaflet: Cloud Computing

Data Protection Principle 3 – Use of personal data

The Complaint

The Complainant held two separate service accounts with a public utility company for two premises. The Complainant’s daughter lived in one of the premises.

The Complainant’s daughter made a bill enquiry for her residential address via the public utility company’s hotline. However, the hotline staff disclosed the address of the Complainant’s another premises to her daughter during the telephone conversation. Since the Complainant had not told her daughter about the premises concerned, the Complainant complained to the PCPD against the public utility company for disclosing her personal data to her daughter without her consent.

The public utility company provided the PCPD with the relevant telephone recordings between the hotline staff and the Complainant’s daughter. The recordings revealed that the Complainant’s daughter had told the hotline staff that her enquiry concerned the service account held by the Complainant. The hotline staff then promoted the e-Bill service to the Complainant’s daughter and she accepted the offer. The hotline staff proceeded to ask whether the e-Bill service would be applicable to another service account held by the Complainant and read out the address of that service account.


In view of the fact the Complainant’s daughter had explicitly informed the hotline staff that she was not the account holder and that her enquiry concerned her residential address only, the hotline staff should not disclose the address of another service account without the Complainant’s consent, thus such disclosure violated Data Protection Principle 3. The public utility company explained that it was an isolated incident and it had already given written guidelines and verbal instructions to its staff members, requiring them not to disclose to the enquirer who was not the account holder any information unrelated to the enquiry.


Privacy Commissioner’s Findings

You can find the Privacy Commissioner’s findings including investigation reports, inspection reports and compliance check reports here.

Learn more

"Privacy Clubhouse" - Radio Drama

"Privacy Clubhouse" - a series of 4 radio drama episodes to help property management practitioners, members of owners’ corporations and the general public better understand the requirements of Personal Data (Privacy) Ordinance (In Cantonese Only).

Listen to the drama

For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong         Tel: (852) 2877 7179

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.



The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.