| Date
|
Title
|
No.
|
| 1 June 2023
|
Unauthorised Access to Credit Data in the TE Credit Reference System
|
R23-21242
|
| 9 February 2023
|
Ransomware Attack on the Servers of The Hong Kong Institute of Bankers
|
R23-6319
|
| 29 December 2022
|
Registration and Electoral Office Two Personal Data Breach Incidents
|
R22-4116
|
| 14 November 2022
|
EC Healthcare's Sharing of Clients' Personal Data among its Various Brands through an Integrated System
|
R22-13928
|
| 14 November 2022
|
Ransomware Attack on the Database of Fotomax (F.E.) Limited
|
R22-18947
|
| 13 June 2022
|
Accidental Disposal of Medical Records of Patients by Town Health Medical & Dental Services Limited
|
R22-12326
|
| 13 June 2022
|
Improper Collection, Retention, Use and Storage of Personal Data of Residents and Visitors by Property Management Companies
|
R22-14226
|
| 17 February 2022
|
Hacker's Intrusion into the Email System of Nikkei China (Hong Kong) Limited
|
R22-7840
|
| 28 October 2021
|
Security Measures Taken by Restaurants to Protect Customers' Information Collected during the Registration Required under the COVID-19 Anti-pandemic Measures
|
R21-2485
|
| 22 December 2020
|
Tai Po Mega Mall Incident
|
R20-3370
|
| 9 December 2019
|
TransUnion Limited-Unauthorised online access to credit reports
|
R19-17497
|
| 29 August 2019
|
Registration and Electoral Office-Loss of a Marked Final Register of Electors
|
R19-5120
|
| 6 June 2019
|
Cathay Pacific Airways Limited and Hong Kong Dragon Airlines Limited-Unauthorised access to personal data of passengers
|
R19-15281
|
| 21 February 2019
|
Hong Kong Broadband Network Limited-Intrusion into a Customer Database
|
R19-5759
|
| 12 June 2017
|
Registration and Electoral Office-Loss of Notebook Computers Containing Personal Data of Election Committee Members and Electors
|
R17-6429
|
| 21 July 2015
|
Collection of Fingerprint Data by Queenix (Asia) Limited
|
R15-2308
|
| 21 July 2015
|
Unfair collection of personal data by the use of "blind" recruitment advertisements
|
R15-8107
|
| 15 December 2014
|
HKA Holidays Limited Leaked Customers' Personal Data through the Mobile Application "TravelBud"
|
R14-6453
|
| 15 December 2014
|
Excessive Collection of Personal Data through the Mobile App 「縱橫遊」and the Membership Programme 「Worldwide Touring翱翔天地」by Package Tours (Hong Kong) Limited and Worldwide Package Travel Service Limited
|
R14-9945
|
| 20 November 2014
|
Excessive Online collection of private tutors' personal data by tutorial service agency websites
|
R14-19675
|
| 20 November 2014
|
Excessive Collection and Online Disclosure of Personal Data by Employment Agencies Placing Foreign Domestic Helpers
|
R14-1382
|
| 29 May 2014
|
Unfair collection of personal data by the use of "blind" recruitment advertisement
|
R14-6242
|
| 5 December 2013
|
Collection of Excessive Personal Data from Membership Applicants by J.V. Fitness Limited (trading as California Fitness)
|
R13-12828
|
| 24 October 2013
|
Hong Kong Police Force's Repeated Loss of Documents Containing Personal Data
|
R13-0407
|
| 24 October 2013
|
The Hong Kong Police Force leaked internal documents containing personal data via Foxy
|
R13-15218
|
| 24 October 2013
|
Hospital Authority's breach of data security in connection with disposal of patient records
|
R13-6740
|
| 13 August 2013
|
Glorious Destiny Investments Limited and Brilliant United Investments Limited Publicly Disclosed Litigation and Bankruptcy Information Collected from the Public Domain to Their Customers via Smartphone Application "Do No Evil"
|
R13-9744
|
| 9 April 2013
|
Transfer of Personal Data Collected Unfairly from the Public by HK Preventive Association Limited to AEGON Direct Marketing Services Insurance Broker (HK) Limited for Use in Direct Marketing
|
R13-1138
|
| 11 October 2012
|
The Collection and Use of Personal Data of Members Under the MoneyBack Program run by A.S. Watson Group (HK) Limited through "Watsons"
|
R12-3890
|
| 11 October 2012
|
The Collection and Use of Personal Data of Members Under the MoneyBack Program run by A.S. Watson Group (HK) Limited through "PARKnSHOP"
|
R12-3888
|
| 11 October 2012
|
The Collection and Use of Personal Data of Members Under the Fun Fun Card Program run by The China Resources Vanguard (Hong Kong) Company Limited
|
R12-0080
|
| 11 October 2012
|
The Collection and Use of Personal Data of Members Under the Mann Card Program run by The Dairy Farm Company Limited
|
R12-0079
|
| 28 March 2012
|
Unfair Collection of Two Artistes' Personal Data by FACE Magazine Limited
|
R12-9164
|
| 28 March 2012
|
Unfair Collection of an Artiste's Personal Data by Sudden Weekly Limited
|
R12-9159
|
| 14 February 2012
|
Collection of Employees' Personal Data by Covert Recording Device by Hong Yip Service Company Limited
|
R12-4839
|
| 14 February 2012
|
Collection of Vehicle Owners' Personal Data from Register of Vehicles for Direct Marketing by Imperial Parking (HK) Limited
|
R12-3428
|
| 15 December 2011
|
Transfer of Customers' Personal Data by CITIC Bank International Limited to unconnected third parties for direct marketing purposes
|
R11-1745
|
| 15 December 2011
|
Prolonged Retention of Customers' Bankruptcy Data by Hang Seng Bank Limited
|
R11-6121
|
| 15 December 2011
|
Collection of Excessive Data from Savings Account Applicants by Hang Seng Bank Limited
|
R11-8371
|
| 20 June 2011
|
Inland Revenue Department Failed to Take All Reasonably Practicable Steps to Ensure the Accuracy of a Taxpayer's Address
|
R11-11778
|
| 20 June 2011
|
Collection and Use of Customers' Personal Data by Industrial and Commercial Bank of China (Asia) Limited in Direct Marketing
|
R11-7946
|
| 20 June 2011
|
Transfer of Customers' Personal Data by Wing Hang Bank, Limited to a Third Party Insurance Company for Direct Marketing
|
R11-2853
|
| 20 June 2011
|
Transfer of Customers' Personal Data Collected from On-street Promotional Activities by Citibank (Hong Kong) Limited to a Third Party Insurance Company
|
R11-1982
|
| 20 June 2011
|
Transfer of Customers' Personal Data by Fubon Bank (Hong Kong) Limited to an Insurance Company without Customers' Consent
|
R11-1696
|
| 17 November 2010
|
A Telecommunications Company Authorized Another Company to Make Direct Marketing Calls
|
R10-4422
|
| 18 October 2010
|
The Collection and Use of Personal Data of Members under the Octopus Rewards Programme run by Octopus Rewards Limited
|
R10-9866
|
| 30 July 2010
|
Transfer of Personal Data of Customers by Beauty Centre without Customers' Consent
|
R10-13416
|
| 24 February 2010
|
Bank Imposing Fee at a Flat Rate for Complying with a Data Access Request
|
R10-5528
|
| 24 February 2010
|
Debt Collection Agency authorized by a Finance Company Disclosed Personal Data of Debtor's Family Members During Debt Recovery
|
R10-11568
|
| 7 August 2009
|
Food Company Collecting Participants' Personal Data in Lucky Draw Activity
|
R09-3658
|
| 3 August 2009
|
Tutorial Centre Using a Student's Results Notice for Promotion without the Student's Consent
|
R09-2902
|
| 13 July 2009
|
Employer Collecting Employees' Fingerprint Data for Attendance Purpose
|
R09-7884
|
| 19 January 2009
|
University refusing to comply with data access request in relation to examination marking
|
R08-10578
|
| 24 December 2008
|
Loss of Patient's Personal Data by United Christian Hospital
|
R08-1935
|
| 21 September 2007
|
Collection of Personal Data by Credit Provider for Business Promotion
|
R07-6168
|
| 14 March 2007
|
The Disclosure of Email Subscriber's Personal Data by Email Service Provider to PRC Law Enforcement Agency
|
R07-3619
|
| 26 October 2006
|
Must Take Security Measures to Protect Personal Data when Engaging Outsourced Contractor
|
R06-2599
|
| 8 December 2005
|
The practice of collection of employees' personal data by pinhole cameras without proper justification is excessive and unfair in the circumstances of the case
|
R05-7230
|
| 13 October 1997
|
Unfair collection and disclosure of personal data
|
R97-1948
|
