The Office of the Privacy Commissioner for Personal Data (PCPD) received a record 129 data breach notifications in 2018, up 22% from the prior year, the office's latest annual report shows.
The PCPD investigated data breach incidents involving hacking, system misconfiguration, the loss of documents on personal devices and the inadvertent disclosure of personal data by email, fax or post.
During the year, the office also conducted 289 compliance checks and four compliance investigations, and completed an inspection report on the personal data system used by the private tutorial services industry.
Meanwhile enquiries to the PCPD increased 8% in 2018 to 16,875, while the number of complaints grew 23% to 1,890.
Of these complaints, 71% were made against the private sector, 12% against the public sector or government departments, and 17% against individuals.
In terms of their content, 27% of complaints related to the unauthorized use of personal data, 24% to the manner of data collection and 5% to data access or correction requests.
The PCPD closed 1,751 of these complaint cases, and conducted 92 investigations as a result. Of the completed cases, 844 were accepted for more handling.
For the year ahead, the PCPD plans to engage in initiatives including issuing guidance on personal data use in the fintech sector, as well as on data de-identification. The office also plans to publish a booklet for Hong Kong organizations detailing the major personal data regulations that must be followed in mainland China.