個人資料私隱專員公署(私隱專員公署)於較早前發表2025年的工作報告,並報告早前介入三宗涉及個人資料保安的事故。
💥保安服務公司 – 工作群組公開身份證號碼
投訴人曾任職於一間保安服務公司。其上司將一份載有投訴人香港身份證號碼的終止僱傭合約通知書發送至在即時通訊軟件開設的工作群組,導致該通知書內投訴人的個人資料被披露予該群組的其他員工。
💥酒店保安部 – 工作表現評核表沒鎖好
一間酒店的保安部門主管將部門員工的年度工作表現評核表存放於其工作枱的抽屜。由於該工作枱供保安部門員工共用且該主管未有按酒店的指引將抽屜鎖上,投訴人(當時為該酒店保安部門的員工)於主管的工作枱尋找其他文件時,無意中翻閱了抽屜中載有部門全體員工個人資料的評核表。
💥社福機構 – 誤放解聘紀錄於共用資料檔案
一間社福機構的行政職員負責將投訴人的解聘紀錄文件掃瞄,惟過程中該職員錯誤將掃瞄本儲存於部門的共用資料檔案,令文件中投訴人的個人資料可被部門內的其他員工查閱。
私隱專員公署呼籲僱主在保障員工個人資料方面訂定清晰的政策,避免因人為疏忽,或意識不足而忽略個人資料安全。
參考資料: 個人資料私隱專員公署 Link
The Office of the Privacy Commissioner for Personal Data (PCPD) reported on its work in 2025 and three incidents involving the security of personal data.
💥Security Service Company – ID Card Number Exposed in Work Group
The complainant worked for a security service company. The complainant’s supervisor sent a notice of termination of employment containing the complainant’s HKID card number to a work-related chat group in an instant messaging application. This resulted in the disclosure of the complainant’s personal data to other staff members in the group.
💥Security Department of a Hotel – Performance Appraisals Left Unlocked
The head of the security department of a hotel stored annual performance appraisal forms of departmental staff members in a desk drawer. As the desk was shared among staff members of the department and the department head did not lock the drawer in accordance with the hotel’s guidelines, the complainant (an employee of the hotel’s security department at the material time) inadvertently read the appraisal forms that contained the personal data of all the departmental staff members stored in the drawer while searching for other documents.
💥Social Welfare Organisation – Dismissal Records Misplaced in Shared Folder
An administrative staff member of a social welfare organisation was responsible for scanning a dismissal document relating to the complainant. During the process, the staff member mistakenly saved the scanned copy in the department’s shared folder. As a result, the complainant’s personal data contained in the document was accessible to other staff members of the department. PCPD urges employers to formulate clear policies to protect employees’ personal data in order to prevent security lapses caused by human error or insufficient awareness.
Reference: PCPD Link