Complaints and enquiries to the privacy watchdog rose sharply last year, driven partly by new restrictions on direct marketing, the latest figures show.
Privacy Commissioner Allan Chiang Yam-wang highlighted a rise in complaints related to social media and smartphone applications.
He said the sharp rise in complaints was partly due to businesses and consumers being unfamiliar with more recent legislation.
The Personal Data (Privacy) (Amendment) Ordinance 2012 took effect with new provisions on April 1.
The law makes it compulsory for companies to make sure their customers do not object to the use of their data for direct marketing.
Companies must also inform customers of the type of data that will be used or transferred.
Failure to comply with either requirement constitutes a criminal offence.
Last year, the number of complaints and enquiries recorded at the Office of the Privacy Commissioner for Personal Data increased 48 per cent and 27 per cent, respectively, from 2012.
More than three-quarters of the 1,792 complaints were against private organisations.
Nearly 30 per cent of the complaints and more than half of the 24,161 enquiries involved the new restrictions on personal data.
The number of complaints declined steadily towards the end of the year, Chiang noted.
Only 227 of the complaints, or 13 per cent, were directed against government departments and public bodies.
Some of these concerned the Hospital Authority and the police force, both of which had failed to provide adequate measures to prevent accidental leaks of personal data, he said. The office issued notices to both bodies last year requiring that the shortcomings be rectified.
Chiang also noted that other jurisdictions, such as Singapore, planned to enforce laws guaranteeing that data transferred abroad would receive the same level of protection as it did on home ground.
Hong Kong's delay in enforcing such legislation could compromise its position as an international financial and data centre, he warned.
None of the complaints regarding the leaking of personal data from social networks were pursuable, Chiang noted.
He advised users to make full use of privacy settings offered by social media websites, and always to read carefully the permission requests from any mobile app they downloaded.
His office had invited a Facebook privacy officer to visit Hong Kong in May as part of its public education efforts, he said.
The office also found data protection efforts by the Student Financial Assistance Agency were inadequate. The agency handled almost a million applications for financial aid and scholarships between 2010 and last year.
It advised the agency to better supervise data input contractors, to ensure all data was erased after use.
The agency should also issue to staff clear guidelines governing stricter identity verification for its customers.