Office of the Privacy Commissioner for Personal Data


The Office of the Privacy Commissioner for Personal Data is a Hong Kong statutory body enforcing the Personal Data Ordinance, which secured the protection of privacy of individuals. The office is headed by the Privacy Commissioner for Personal Data, Stephen Wong.
The office is divided into six divisions: Complaints Division, Compliance Division, Legal Division, Policy and Research Division, Communications and Education Division, and Corporate Support and Enquiries Division.

Personal Data (Privacy) Ordinance

The purpose of this ordinance is to protect the privacy rights of a person in regard to his personal data, ie the Data Subject. The ordinance was passed in 1995.
Data subject refers to :
Examples of data subject protected by this ordinance include name, address, phone number, identity card number, photo, medical record and employment records. The data user, who collects, holds, or process this data is liable for any unlawful or wrongful use of this data.

List of Privacy Commissioners for Personal Data

  1. Stephen Lau Ka-man
  2. Raymond Tang Yee-Bong
  3. Roderick Woo Bun
  4. Allan Chiang Yam-wang
  5. Stephen Wong Kai-yi

    Reported data privacy issue of public concern

2010 Octopus sold personal data of customers for HK$44m

In 2010, it was reported that Octopus Card issuer has made HK$44 million in the past 4 1/2 years by selling cardholder data. This was disclosed in a special hearing conducted by the personal data privacy commissioner. Octopus Holdings chief executive Prudence Chan Bik-wah said she wished to 'sincerely apologise' to affected cardholders.

2010 Six banks transfer personal data for marketing purposes

In August 2010, the Hong Kong Monetary Authority publicly disclosed that CITIC Bank International, Citibank, Fubon Bank, Industrial and Commercial Bank of China, Wing Hang Bank, and Wing Lung Bank were guilty of transferring customer data to unaffiliated parties for marketing purposes. In a separate investigation, the privacy commissioner for personal data concluded that the actions of some of the banks were equivalent to the sale of personal data.

2017 Notebooks containing HK voters data was stolen

The Registration and Electoral Office reported in March 2017, right after the chief executive election, that they have lost 2 laptop computers containing 3.7 million voters personal information. This could be one of the most significant data breaches ever in Hong Kong, consider the city population is less than 8 million.