Case Notes

A folder that contained personal data of students and parents was accidentally disposed of – DPP 4 – security of personal data... <more>

An educational institution’s improper password management led to unauthorised access to the personal data of students and parents – DPP 4 – secur... <more>

Inadvertent disclosure of students’ personal data via email by a university – DPP 4 – security of personal data... <more>

This case related to DPP1 - Purpose and manner of collection of personal data... <more>

Unauthorised access of personal data held by public schools via a web-based application system – DPP 4 – security of personal data... <more>

This case related to DPP4 - Security of personal data, exemptions... <more>

This page only provides Chinese version temporarily... <more>

Enquiry: Whether the sending of email to students and staff by an educational institution constitutes direct marketing... <more>

Whether the installation of software for monitoring its students' browsing activities would contravene the requirements of the Ordinance... <more>

Appellant lodged a complaint with the Commissioner stating that educational institution had failed to comply with the data access requests (AAB A... <more>

A school refused data access requests made by two teachers without carefully considering whether the exemptions of sections 58(1)(d), (e) and (f)... <more>

Data Access Request made by a complainant on behalf of his son to a primary school... <more>