Office of the Privacy Commissioner for Personal Data
|Statutory body overview|
|Formed||1 August 1996|
|Headquarters||12/F, Sunlight Tower, 248 Queen's Road East, Wanchai|
|Deputy Minister responsible|
Politics and government|
of Hong Kong
|Related topics Hong Kong portal|
|Office of the Privacy Commissioner for Personal Data|
The Office of the Privacy Commissioner for Personal Data (Chinese: 個人資料私隱專員公署; PCPD) is a Hong Kong statutory body enforcing the Personal Data (Privacy) Ordinance, which secured the protection of privacy of individuals. The office is headed by the Privacy Commissioner for Personal Data, Stephen Wong.
The office is divided into six divisions: Complaints Division, Compliance Division, Legal Division, Policy and Research Division, Communications and Education Division, and Corporate Support and Enquiries Division.
Personal Data (Privacy) Ordinance
The purpose of this ordinance is to protect the privacy rights of a person in regard to his personal data, ie the Data Subject. The ordinance was passed in 1995. 
Data subject refers to :
- the information which relates to a living person and can be used to identify that person and
- it exists in a form in which access or processing is practicable
Examples of data subject protected by this ordinance include name, address, phone number, identity card number, photo, medical record and employment records. The data user, who collects, holds, or process this data is liable for any unlawful or wrongful use of this data.
List of Privacy Commissioners for Personal Data
- Stephen Lau Ka-man (1 August 1996 – 31 October 2001)
- Raymond Tang Yee-Bong (1 November 2001 – 31 July 2005)
- Roderick Woo Bun (1 August 2005 – 31 July 2010)
- Allan Chiang Yam-wang (1 August 2010 – 3 August 2015)
- Stephen Wong Kai-yi (since 4 August 2015)
Reported data privacy issue of public concern
2010 Octopus sold personal data of customers for HK$44m
In 2010, it was reported that Octopus Card issuer has made HK$44 million in the past 4 1/2 years by selling cardholder data. This was disclosed in a special hearing conducted by the personal data privacy commissioner. Octopus Holdings chief executive Prudence Chan Bik-wah said she wished to 'sincerely apologise' to affected cardholders. 
2010 Six banks transfer personal data for marketing purposes
In August 2010, the Hong Kong Monetary Authority publicly disclosed that CITIC Bank International, Citibank, Fubon Bank, Industrial and Commercial Bank of China, Wing Hang Bank, and Wing Lung Bank were guilty of transferring customer data to unaffiliated parties for marketing purposes. In a separate investigation, the privacy commissioner for personal data concluded that the actions of some of the banks were equivalent to the sale of personal data. 
2017 Notebooks containing HK voters data was stolen
The Registration and Electoral Office reported in March 2017, right after the chief executive election, that they have lost 2 laptop computers containing 3.7 million voters personal information. This could be one of the most significant data breaches ever in Hong Kong, consider the city population is less than 8 million. 
- "What We Do".
- "Organisation Chart".
- Chapter 486 Personal Data (Privacy) Ordinance. Extracted 2018-06-06
- The Ordinance at a Glance. Extracted 2018-06-06
- SCMP report - Octopus sold personal data of customers for HK$44m 2010-07-27. Retrieved 2018-06-06
- Chiang, Allan (15 December 2011). "Transfer of Customers' Personal Data by CITIC Bank International Limited to unconnected third parties for direct marketing purposes" (PDF).
- Laptops containing 3.7 million Hong Kong voters’ data stolen after chief executive election. SCMP reported 2017-03-28. Retrieved 2018-06-06