Under our Personal Data Policy, group companies are required to comply with applicable legal requirements relating to the handling of personal data (including its collection, holding, processing, disclosure and use) and to respect the privacy of others and the confidentiality of information received in the course of business.
In 2018, Cathay Pacific discovered unauthorised access to some Cathay Pacific and Cathay Dragon passenger data. Immediate action was taken to contain the event and a thorough investigation was carried out.
In March 2020 the UK Information Commissioner’s Office (ICO) fined Cathay Pacific Airways Limited for contravention of the Data Protection Act 1998 in relation to the 2018 data incident.
During 2020, there were no convictions for non-compliance with laws and regulations relating to customer privacy that would have a significant impact on the group.