Legal amendments to directly penalise firms involved in data breaches are being considered, privacy commissioner Ada Chung said on Saturday. This would change the current practice of issuing an enforcement notice, with non-compliance subject to a fine or imprisonment.
Speaking on a HOY TV programme, Chung said there is a need to empower the watchdog to penalise firms breaching the privacy ordinance to increase deterrence.
"If we are to introduce a mechanism for administrative fines, we have to look at a series of factors and then decide on the penalty amount. For example, the number of people that were affected by the data breach, because affecting 10 people is completely different from affecting 100,000 people," she said.
"Also we have to look at the sensitivity of the data, whether it involves medical records, as well as how the data was leaked, whether it's the fault of the company or its staff, or simply an individual case."
Chung said the privacy watchdog received 97 data leak reports in the first half of the year, with seventy percent of them coming from private firms and public bodies accounting for the rest.
The number of data breaches in the second quarter rose by 70 percent, she added.