Data Privacy

Hong Kong PCPD Arrests Two for Suspected Doxxing

The Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) arrested two men for suspected doxxing and disclosure of personal data without consent, in contravention of the Personal Data (Privacy) Ordinance. The arrests stem from a monetary dispute where personal data and family photos were posted online.

Global Privacy Authorities Joint Statement on AI-Generated Imagery

The Office of the Privacy Commissioner for Personal Data (PCPD) and 60 other global privacy authorities have issued a joint statement expressing concern over AI-generated imagery and its potential for harm. The statement urges organizations to develop and use AI content generation systems lawfully, with specific measures to protect data subjects, particularly children.

AI Security and Cybersecurity Summit for Enterprises Registration Open

The Office of the Privacy Commissioner for Personal Data (PCPD) and HKIRC are co-organising an AI Security and Cybersecurity Summit for Enterprises on March 31, 2026. Registration is now open for organizations to address AI security and cybersecurity risks. The event aims to raise awareness and readiness among businesses, including SMEs.

Privacy Commissioner Reports 2025 Work and Data Security Incidents

The Office of the Privacy Commissioner for Personal Data (PCPD) reported on its 2025 activities, including a 23% increase in complaints and a 21% rise in data breach notifications. The PCPD also intervened in three data security incidents and conducted 435 compliance checks.

Privacy Commissioner Warns of Construction Worker Recruitment Fraud

The Hong Kong Privacy Commissioner's Office issued a warning regarding fraudulent recruitment advertisements targeting construction workers. The office received 42 complaints in two weeks involving scams that requested sensitive personal data, including construction site "Three Essentials." The PCPD urges vigilance and provides guidance on safeguarding personal data during job applications.

AI Chatbots Provide Biased Voting Advice, Ignoring Local Parties

The Dutch Data Protection Authority (AP) released a study showing AI chatbots rarely recommend local political parties when providing voting advice. The AP warns that this bias makes chatbots unreliable voting aids and calls on providers to implement measures to prevent their systems from being used for voting advice, especially in light of the EU AI Act.

Ransomware Incident Data Breach and Security Lapses

Singapore's Personal Data Protection Commission issued a decision regarding a ransomware incident affecting 39,000 individuals' data due to security lapses. Three separate undertakings were also accepted for similar incidents. The Commission directed the organization to strengthen its security posture and highlighted key takeaways for all organizations to prevent future breaches.

PDPC Steps Up NRIC Misuse Enforcement and Issues New Advisory

The Singapore Personal Data Protection Commission (PDPC) is stepping up enforcement against private organizations misusing NRIC numbers for authentication starting January 1, 2027. New advisories are also being issued to guide organizations on data protection lapses and recommend more secure authentication methods.

Data Protection Breaches Result in Financial Penalties

Singapore's Personal Data Protection Commission issued financial penalties to four organizations for data protection breaches affecting over 1 million individuals. These breaches stemmed from inadequate security measures, including poor patch management and lack of data protection policies. An additional organization committed to an undertaking following a ransomware attack.

PDPC Publishes Four Undertakings on Ransomware and Unauthorized Access

Singapore's Personal Data Protection Commission (PDPC) has published four undertakings from organizations that experienced ransomware attacks and unauthorized access. These undertakings detail remediation measures to strengthen cybersecurity defenses and data protection practices.