PCPD:23% jump in complaints with company staff lapses behind multiple data breaches
發佈日期: 2026-02-03 20:28
TVB News
The Office of the Privacy Commissioner for Personal Data received more than 4,200 complaints last year -- up 23 percent year-on-year.
The office says the bulk of them involved private organisations and individuals and multiple data breaches were caused by insufficient staff awareness.
Reviewing the office's work for 2025, the Privacy Commissioner for Personal Data Ada Chung says they received a total of 4,228 complaints, representing a 23-percent increase from the year before.
Over 90 percent of the complaints involved private-sector organisations and individuals, while some 390 complaints were lodged against public bodies or government departments, a proportion similar to that in 2024.
As for data breaches, the office received 246 cases last year -- a 21-percent increase year-on-year.
32 percent involved public bodies.
92 other cases involved data breaches by schools or non-profit organisations.
The main causes included hacking incidents and the loss of documents.
Privacy Commissioner for Personal Data ADA CHUNG: "There has been a significant, or consistent rise in the number of hacking cases over the years. But again, this is not something unique to Hong Kong. This happens everywhere. That is why everyone, including companies, NGOs, schools, they do have to pay some priority to safeguard their personal data in their possession."
The office also intervened in data security incidents involving three organisations.
In one case, an employee of a security company complained that their supervisor had sent a termination notice to a messaging app group chat, which contained the complainant's HKID card number.
In another case, an administrative staff member at a social welfare organisation complained that scanned copies of their dismissal records were placed in a shared departmental drive, exposing their salary details and reasons for termination.
The office says both cases involve a lack of awareness in safeguarding sensitive personal information.
The office has issued notices to the organisations to beef up staff training.
As for doxxing cases, the office handled 308 cases last year, marking a 30-percent drop year-on-year.
Among them, 147 cases required criminal investigation, resulting in 18 people being arrested.
