Office of the Privacy Commissioner for Personal Data

Direct Marketing Offence Admitted: Beauty Product Company Fined HK$8,000

Retrieved on: 
Saturday, August 17, 2019
Data security, Office of the Privacy Commissioner for Personal Data, Computing, Digital technology, Information technology management, Privacy, Personal, Inc., Internet privacy, Personal data

The case stemmed from a complaint received by the office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) in June 2017.

Key Points: 
  • The case stemmed from a complaint received by the office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) in June 2017.
  • In February 2017, the complainant registered online as a member of Yoki Magokoro (YM), a beauty product brand run by KOA, by filling in her English full name, telephone number, residential address and office address.
  • The complainant also opted out of receiving direct marketing materials from YM.
  • Section 35C of the Ordinance requires data users not to use an individuals personal data in direct marketing, without that individuals consent.

Privacy Commissioner's Response to the Display of Police Officers' Personal Data in Public Places

Retrieved on: 
Saturday, August 17, 2019
Law, Terms of service, Digital rights, Human rights, Identity management, Social issues, Information governance, Privacy, Internet privacy, Information privacy, Office of the Privacy Commissioner for Personal Data, Medical privacy

In response to the display of police officers personal data in public places, the Privacy Commissioner for Personal Data (Privacy Commissioner) made the following statement:

Key Points: 
  • In response to the display of police officers personal data in public places, the Privacy Commissioner for Personal Data (Privacy Commissioner) made the following statement:
    Any person disclosing (e.g.
  • publicly displaying) others personal data, no matter whether the data was obtained from the public domain, must consider whether the means of collection and use is legal and fair.
  • The Privacy Commissioner reiterated that everyone should respect other individuals personal data privacy.
  • As at 5 pm today (11 July), no complaint about posting of police officers personal data on Lennon walls was received.

Privacy Commissioner’s Response to Suspected Disclosure of Personal Data of Government Officials, Legislators and Police Officers at Online Discussion Forums and Instant Messaging Platforms

Retrieved on: 
Saturday, August 17, 2019
Information governance, Government, Data security, Terms of service, Digital rights, Human rights, Identity management, Office of the Privacy Commissioner for Personal Data, Privacy Commissioner, Office of the Australian Information Commissioner, Information privacy, Privacy

In response to the suspected disclosure of personal data of government officials, legislators and police officers at online discussion forums and instant messaging platforms, the Privacy Commissioner for Personal Data (Privacy Commissioner) made the following statement:

Key Points: 
  • In response to the suspected disclosure of personal data of government officials, legislators and police officers at online discussion forums and instant messaging platforms, the Privacy Commissioner for Personal Data (Privacy Commissioner) made the following statement:
    As at 5 pm today (19 July 2019), the office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) received 315 related complaints and enquiries.
  • The Privacy Commissioner reiterated that everyone must respect others personal data privacy and obey and comply with the law.
  • Similar disclosure and bullying acts may not only contravene Personal Data (Privacy) Ordinance (the Ordinance), but also incur civil and criminal liabilities.
  • Should anyone find his/her privacy rights relating to personal data are being abused, he/she may complain to the PCPD with supporting evidences.

Criminal Investigation Procedures Commenced on 430 Cases of Online Disclosure of Personal Data in Accordance with the Law

Retrieved on: 
Saturday, August 17, 2019
Identity management, Terms of service, Office of the Privacy Commissioner for Personal Data, Digital rights, Human rights, Law, Information governance, Privacy Commissioner, Privacy, Internet privacy, Medical privacy

Date: 26 July 2019

Key Points: 
  • Date: 26 July 2019

    In response to the suspected disclosure of personal data of government officials, public figures, police officers, citizens and their family members at online discussion forums and instant messaging platforms, the Privacy Commissioner for Personal Data (Privacy Commissioner) Mr Stephen Kai-yi WONG made the following statement:

    The latest follow-up actions taken by the PCPD regarding the cases received are as follows:

    The Privacy Commissioner reminds netizens to respect others privacy.

  • The said disclosure of personal data online and bullying acts may break the law.
  • As the enforcement agency, the PCPD enforces the law fairly regardless of the political orientation or identity of the affected parties.
  • Contravention of the Ordinance may attract a maximum fine of HK$1,000,000 and imprisonment for five years.

Privacy Risks Associated with Fintech to be Addressed by Data Ethics Complementing Fair Enforcement - Privacy Commissioner Speaks to Banking Industry on Use of Personal Data in Digital Era

Retrieved on: 
Sunday, April 7, 2019
Economy, Digital rights, Human rights, Identity management, Law, Office of the Privacy Commissioner for Personal Data, Terms of service, Articles, Privacy, Finance, Financial technology, Internet privacy

Media Statements

Key Points: 
  • Media Statements

    Date: 7 April 2019

    Privacy Risks Associated with Fintech to be Addressed by Data Ethics
    Complementing Fair Enforcement
    Privacy Commissioner Speaks to Banking Industry on
    Use of Personal Data in Digital Era

    The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Stephen Kai-yi WONG was invited to give a briefing to the banking industry entitled Use of Personal Data in the Digital Era on 1 April 2019.

  • In the briefing, Mr Wong highlighted the proliferation of Fintech, with its applications enabling innovation in financial services and transforming the operations of the financial industry.
  • Privacy Commissioner Mr Stephen Kai-yi WONG was invited to give a briefing to the banking industry entitled Use of Personal Data in the Digital Era.
  • Privacy Commissioner Mr Stephen Kai-yi WONG received a token of thanks from Arthur YUEN, Deputy Chief Executive, Hong Kong Monetary Authority.

Privacy Commissioner Releases Study Report on Implementation of Privacy Management Programme by Data Users

Retrieved on: 
Saturday, March 9, 2019
Digital rights, Human rights, Identity management, Law, Information governance, Office of the Privacy Commissioner for Personal Data, Government, Articles, Privacy, Medical privacy, Office of the Australian Information Commissioner, Privacy policy

The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner), Mr Stephen Kai-yi WONG, today released the 2018 Study Report on Implementation of Privacy Management Programme by Data Users.

Key Points: 
  • The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner), Mr Stephen Kai-yi WONG, today released the 2018 Study Report on Implementation of Privacy Management Programme by Data Users.
  • During the period between October and November 2018, the Privacy Commissioner examined 26 organisations from different sectors (including insurance, finance, telecommunications, public utilities and transportation) to understand their implementation of Privacy Management Programme (PMP) within their organisations.
  • This is the sixth consecutive year for the office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) to participate in the Privacy Sweep.
  • The Privacy Commissioner said, Organisations have to accept that personal data that they hold belongs to the customers.

Privacy Commissioner Publishes Investigation Report on the Incident of Intrusion into Hong Kong Broadband Network’s Customer Database

Retrieved on: 
Thursday, February 21, 2019
Hong Kong Broadband Network, Office of the Privacy Commissioner for Personal Data, Identity documents, Privacy, Internet privacy, Personally identifiable information, Articles, Companies, Information governance

The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG published an investigation report in accordance with section 48(2) of the Personal Data (Privacy) Ordinance (the Ordinance) on the incident of Hong Kong Broadband Network Limited (HKBN)s inactive database having been intruded in mid-April 2018 (the incident) that caused leakage of personal data of about 380,000 customers and service applicants.

Key Points: 
  • The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG published an investigation report in accordance with section 48(2) of the Personal Data (Privacy) Ordinance (the Ordinance) on the incident of Hong Kong Broadband Network Limited (HKBN)s inactive database having been intruded in mid-April 2018 (the incident) that caused leakage of personal data of about 380,000 customers and service applicants.
  • The investigation report was published after having considered that it is in the public interest to do so.
  • Major investigation findings

    The report stated that at the time of the incident, HKBN stored customers data in three databases.

  • The types of personal data included name, email address, correspondence address, phone number, Hong Kong Identity Card number and credit card information.

Privacy Commissioner Releases Inspection Report on Personal Data Systems of Private Tutorial Services Industry to Encourage Organisations in Enhancing Data Stewardship and Sharing Mutual Fairness, Respect and Benefit with Customers

Retrieved on: 
Friday, December 28, 2018
Data security, Law, Information governance, Identity management, Data protection, Privacy, Office of the Privacy Commissioner for Personal Data, Privacy Commissioner, Data retention, Internet privacy, Information privacy, Privacy law

Media Statements

Key Points: 
  • Media Statements

    Date: 28 December 2018

    Privacy Commissioner Releases Inspection Report on
    Personal Data Systems of Private Tutorial Services Industry to
    Encourage Organisations in Enhancing Data Stewardship and
    Sharing Mutual Fairness, Respect and Benefit with Customers

    The Privacy Commissioner for Personal Data, Hong Kong (the Privacy Commissioner) Mr Stephen Kai-yi WONG today released an inspection report (the Report) about the personal data systems of private tutorial services industry (the industry).

  • Inadequacies included unnecessary or excessive collection of personal data, indefinite data retention, improper use of personal data and inadequate personal data security.
  • The Privacy Commissioner was of the view that there was still room for improvement in personal data protection in the industry.
  • He therefore carried out an inspection of the personal data systems of three private tutorial institutions in different business models under section 36 of the Personal Data (Privacy) Ordinance (the Ordinance).