Incidents Reporting and Enquiry

Reporting Incidents :

Incidents or suspected incidents involving the breach of personal data privacy (including any leakage of personal data, actual or suspected) should immediately be brought to the attention of the head of the concerned school/department/unit, who in turn should promptly report the incident to the Data Privacy Officer.

Agents should forthwith report incidents or suspected incidents to the head of the school/department/unit/office that transferred the personal data to it, who in turn shall promptly report the incident to the Data Privacy Officer.

The Data Privacy Officer will determine the severity of the incident (drawing from his advisory committee where necessary) and report the case to the Privacy Commissioner for Personal Data as appropriate/necessary.

Proper documentation should be maintained for each such case, typically including such information as:

  • cause of the incident,
  • action(s) taken,
  • recommendation(s) to mitigate the risk(s) of further incidents.

Reviews and Monitoring :

All data users should review their respective personal data handling procedures and processes on a periodic (e.g. annual) basis and to remind concerned staff and agents regarding proper practices.

General Enquiries :

Any enquiries regarding personal data privacy policy and practice may be addressed to the University Data Privacy Officer and email to ispdpo@ust.hk.