The vision of PCPD is to cultivate a society that values and upholds privacy rights regarding personal data.

Lastly, PCPD reviews and improves continuously to align with global standards for personal data privacy protection.

The PCPD functions based on its core values which include respect for personal data privacy, integrity, embracing technological advancements, and independence.

Therefore, in order to achieve its core values and objectives, the PCPD has developed plans and strategies in different critical areas.

The PCPD collaborates with other regulators and data protection offices to manage cross-border privacy concerns and fix complaints efficiently to secure equity and fairness.

The PCPD also monitors and supervises compliance, investigating significant privacy risks proactively, and helping organizational data users in meeting their core values.

[5] [check quotation syntax] Beginning in 1989, the Sub-committee undertook a review of Hong Kong laws and made recommendations to protect individuals' privacy from undue interference.

Similar to the Chief Executive Officer of Securities and Futures Commission(SFC), the Privacy Commissioner is distinct among other statutory bodies, heading a commission that possesses statutory powers of criminal investigation and enforcement, without holding the position of a principal official within the HKSAR government.

The PDPAO differentiated itself from the PDPO by the main feature of criminalising doxxing acts (i.e. to openly expose someone’s private personal data such as name, address and occupation).

The scope of the PCPD was therefore expanded in the sense that it was empowered to investigate criminal activities including doxxing, as well as the authority to initiate legal proceedings for prosecution for the related offences.

In addition, the Privacy Commissioner was also granted the statutory powers to ensure the cessation of sharing doxxing messages.

With a similar global status where Hong Kong and Singapore are both highly developed Asian financial hubs renowned for their well-developed economies, consummate infrastructure, and favourable business environments, the privacy laws are slightly different between the two.

Whereas the privacy law in Hong Kong is governed by the PDPO as previously mentioned, the authority in Singapore would be the Personal Data Protection Act (PDPA).

In compliance with the PDPA, the Personal Data Protection Commission (PDPC) as the enforcement body (similar to the PCPD).

In 2019, An anonymous open letter was issued by people claiming to be the staff of the PCPD to express views regarding the social incidents.

[16] In 2010, it was reported that Octopus Card issuer has made HK$44 million in the past 4+1⁄2 years by selling cardholder data.

Octopus Holdings chief executive Prudence Chan Bik-wah said she wished to 'sincerely apologise' to affected cardholders.

[18] The Registration and Electoral Office reported in March 2017, right after the chief executive election, that they have lost 2 laptop computers containing 3.7 million voters personal information.

The Privacy Commissioner for Personal Data, Ms. Ada Cheung Lai Ling stated that PCPD has contacted the school for further information.

[22] In 2022, two personal data breach incidents involving the Registration and Electoral Office (REO) were investigated by the PCPD.

In response to the concerns raised by the prohibition on face covering, the PCPD stated that the Prohibition on Face Covering Regulation was not in conflict with the Personal Data (Privacy) Ordinance with reason that the rights of the suspects would not override the public interests for the timely and effective prevention, detection, and apprehension or prosecution of the police.

[27] The PCPD stated that the tightening arrangement by the Transport Department was not problematic from the perspective of Persona Data (Privacy) Ordinance.