A total of 92 reports were submitted by schools and non-governmental organizations (NGOs), accounting for 37% of all data leakage incidents last year.

The number of data breaches involving hacking attacks totaled 81, or one-third of the year's total. In comparison, there were 61 hacking cases in 2024, accounting for 30% of the data leakage incidents in that year.

Last year, the PCPD handled a total of 308 undercover cases, including related complaints received and cases detected by the PCPD on its own initiative. This figure represents a drop of nearly one-third as compared with that of the previous year.

The PCPD initiated 147 criminal investigations last year and referred 47 cases to the police for follow-up, resulting in the arrest of 18 suspects.

At a press conference on Tuesday, the Privacy Commissioner, Ms. Loretta Chung, cited a number of examples of privacy incidents and called on employers to formulate clear privacy policies to protect their employees from personal data leakage.

In one of the cases, a supervisor sent the employee's notice of termination to a work-related group, resulting in the disclosure of the employee's personal data.

In another case, a security guard of a hotel inadvertently read a staff appraisal form containing personal data in an unlocked desk drawer.

There was also a termination document containing employees' personal data which was stored in a shared folder, resulting in the contents of the document being accessible to other employees.

"Employers should consider the protection of employees' personal data privacy as an integral part of their organization's data governance efforts," Lillian Chung said on Tuesday.

This not only demonstrates an organization's commitment to protecting its employees' personal data, but also ensures that it complies with the requirements of the Personal Data (Privacy) Ordinance, thereby achieving a win-win situation for both employers and employees," added Ms. Chung.