Case Notes

A former teacher accidentally shared a file containing personal data of students to the entire school on a cloud-based drive – DPP 4 – security o... <more>

Whether a tertiary institution’s lecturer could upload students’ names and academic results to the institution’s official website without their c... <more>

A folder that contained personal data of students and parents was accidentally disposed of – DPP 4 – security of personal data... <more>

An educational institution’s improper password management led to unauthorised access to the personal data of students and parents – DPP 4 – secur... <more>

Unauthorised access of personal data held by public schools via a web-based application system – DPP 4 – security of personal data... <more>

Inadvertent disclosure of students’ personal data via email by a university – DPP 4 – security of personal data... <more>

This case related to DPP1 - Purpose and manner of collection of personal data... <more>

This case related to DPP4 - Security of personal data, exemptions... <more>

This page only provides Chinese version temporarily... <more>

Appellant lodged a complaint with the Commissioner stating that educational institution had failed to comply with the data access requests (AAB A... <more>

Whether the installation of software for monitoring its students' browsing activities would contravene the requirements of the Ordinance... <more>

Enquiry: Whether the sending of email to students and staff by an educational institution constitutes direct marketing... <more>