Data Breach Notification

A data breach is generally taken to be a breach of the security of the personal data held by a data user, which results in exposing the data to the risk of unauthorised or accidental access, processing, erasure, loss or use. Depending on the circumstances of the case, the breach in question may amount to a contravention of Data Protection Principle 4 of the Personal Data (Privacy) Ordinance (the Ordinance).

Although it is not mandatory under the Ordinance for data users to give data breach notifications, data users are encouraged to give such notifications timely to the Office of the Privacy Commissioner for Personal Data (PCPD), the affected data subjects and other relevant parties when a data breach has occurred.

This notification form is for a data user to report a data breach to the PCPD and it may take about 10-15 minutes to complete. You may refer to our “Practical Tips for Handling Data Breach Incident” for more information.

If you find that your privacy rights relating to personal data are being abused or there is any possible breach of the Ordinance which affects your personal data, please go here.

For general enquiries about the Ordinance and the work of the PCPD, please go here.

Personal Information Collection Statement

I understand the above and I would like to submit a data breach notification on behalf of a data user.

Basic Information of the data user

User Sector

Private Sector
Public Sector

Company/organisation name

Hong Kong office’s correspondence address

Information of the Contact Person

Name of person making this notification

Job Title

Email address

Country code (for non-Hong Kong phone number)

Contact phone number

Are you the Data Protection Officer for your company/organisation?

Particulars of the data breach incident

Is this a new notification or an update of a previous notification

Date of the data breach

When did your company/organisation become aware of the data breach?

Number of individuals affected

Are there any Hong Kong residents affected?

Number of Hong Kong residents affected

Did you engage a service provider / contractor to handle the above personal data?

Yes No

Details of the data breach

Assessment of the incident and remedial actions taken

Real Risks to Data Subject(s)

Threat to personal safety

Identity theft

Financial loss

Damage to reputation

Loss of business opportunities

Loss of employment opportunities

No real risk of harm to data subject(s)

Others, please specify:

Summary of the remedial actions taken

Were the affected individuals notified?

Yes

No

No, will do so within days

Has your company/organisation issued or does your company/organisation intend to issue a media statement?

Have any other authorities been notified of the data breach? (e.g. Hong Kong Police Force)

Summary of the notification made to other authorities

Type the characters you see in the image below

If the image is not clear, please click the image to reload.