Staff of a public transport company was doxxed – section 64 of the PDPO – disclosure of personal data
The Complaint
The Complainant was a staff member of a public transport company. In early 2021, the Complainant found that his name, photo and other personal data (including his occupation, company name and the station where he worked) had been posted on a social media platform without his consent. The doxxer addressed the Complainant in foul language, blaming him for checking tickets, and incited other netizens to identify him. The Complainant was extremely distressed due to the disclosure of his personal data on the social media platform. He therefore sought assistance from the PCPD.
Outcome
In this case, not only was the Complainant’s personal data disclosed, the doxxer also incited netizens to identify the Complainant. This undoubtedly posed threats and harassment to the Complainant in his daily life. The PCPD requested the social media platform to remove the doxxing post concerned and received a positive response from the social media platform. The doxxing post was eventually removed to minimise damages to the Complainant.
Lesson learnt
Doxxing activities have become rampant and personal data has been “weaponised” in recent years. Although at the time of the complaint, doxxing was not a criminal offence, the PDPO was amended in October 2021 to more effectively combat doxxing behaviour. The objectives of the amendments were to criminalise doxxing acts, empower the Privacy Commissioner to carry out criminal investigations and institute prosecutions in respect of doxxing and related offences, and confer on the Privacy Commissioner statutory powers to demand the cessation of disclosure of doxxing messages. Everyone should think twice before publishing or re-posting any message that appears to be related to a doxxing message on the Internet or social media platforms.
(Uploaded in September 2022)