Hong Kong Privacy Office: Last year, “bottoming” cases dropped by nearly 60%, with nearly half involving money disputes

　　China News Service, January 29. According to Hong Kong's Sing Tao Network, the Office of the Privacy Commissioner for Personal Data in Hong Kong stated on the 29th that it received 157 data breach notifications last year, of which 48 were from public institutions and 109 from private institutions. This was a significant increase of nearly 50% from the 105 cases in the previous year. In addition, the number of "docking" cases handled by the PCPD last year dropped by nearly 60% compared with the previous year, and 31 people were arrested for "docking."

　　According to the PCPD, data breach incidents involve hackers, lost documents or portable devices, accidental disclosure of personal information via email, post or fax, employee violations and system misconfiguration. The number of data breaches involving hackers more than doubled from 29 the year before to 64 last year.

　　The PCPD said it received 3,582 complaints last year, down 7% from 3,848 the year before. Nearly 92% of the complaint cases involved complaints against private organizations or individuals (3,284 cases); the remaining approximately 8% involved complaints against public institutions or government departments (298 cases).

　　The provisions governing "bottoming" under the Privacy Ordinance will come into effect on October 8, 2021, criminalizing "bottoming". The Office of the Privacy Commissioner handled a total of 756 "docking" cases last year, a 57% decrease from the 1,764 cases in the previous year. The main reasons for "bottoming" are money disputes (43%), and family and relationship disputes (20%).

　　Last year, the Office of the Privacy Commissioner issued a total of 378 cease-disclosure notices to 23 online platforms, involving 10,682 "dominated" messages, with a compliance rate of over 95%; 117 channels used for "dominated" messages were successfully removed.

　　In addition, the PCPD launched criminal investigations into 140 cases last year and referred 31 cases to the police for further follow-up; there were 30 arrests and a total of 31 people were arrested. The arrested persons mainly used social media platforms and instant messaging software (90%) to target victims, while the rest were through leaflets (7%) and emails (3%). As of December 31 last year, the Office of the Privacy Commissioner had launched a total of 42 arrest operations in connection with "bottoming" behavior, and a total of 43 people were arrested.

　　Personal Data Privacy Commissioner Chung Liling said that Lockbit (including 2.0 and 3.0) and BlackCat were relatively common hacker groups/ransomware last year, accounting for 6 and 2 reported cases respectively. The PCPD hopes that by disclosing this information, organizations will be aware of the potential risks and threats these hacker groups/ransomware can pose to information security, and that organizations will take adequate security measures to prevent them.