|
|
|
 |
|
| |
| Date: 26 October 2006
|
Information Security Enhancement Campaign
1.
The Privacy Commissioner for Personal Data, Mr. Roderick Woo, today (26
October) officially launched the Information Security Enhancement
Campaign (“the ISEC”), appealing to IT practitioners to comply with
the requirements of the Personal Data (Privacy) Ordinance (“the
Ordinance”) when handling personal data.
2. Co-organized by IT professional bodies including
the Information Systems Audit and Control Association (HK Chapter)
(“the ISACA”), Internet Professional Association (“the iProA”), Hong
Kong Institute of Engineers (“the HKIE”) and the Office of the Privacy
Commissioner for Personal Data (“the PCPD”), the ISEC aims to raise the
awareness of personal data privacy protection among IT professionals in
the wake of recent data leak incidents.
3. Mr. Woo said: “The incidents have alarmed the
community and revealed the need for exemplary personal data privacy
practices and policies among IT practitioners. A combination of good
IT security procedures and good personal data privacy practices makes
for good governance. In turn, this is good for business and
benefits our society in general.”
4. In an effort to prevent recurrence of similar
incidents, the co-organizers of the ISEC will undertake a number of
promotional and educational activities to assist IT practitioners
across all sectors in to better understanding the application of the
Ordinance in the handling of personal data. Amongst them is the
development of a clear set of privacy compliant guidelines.
5. The guidelines, titled “Recommended Procedures for
IT Practitioners on Personal Data Handling”, outline the procedures to
be followed in circumstances in which personal data collected by a data
user is accessed or processed by an IT contractor or sub-contractor
appointed to work on some aspect of the system. Employers, IT
practitioners and system administrators are encouraged to embrace the
guidelines and work to ensure their effective implementation.
6. “Risk management is more complicated since
the Internet has become widely accepted as a means of commerce.
Organizations now must determine what constitutes adequate security in
the context of where their electronic business is conducted and who is
accessing their services, instead of where the computer system is
physically located. This Guideline aims to draw attention to IT
practitioners to the importance of commitment to data privacy whilst
designing and implementing IT solutions and practices. ISACA
(HK Chapter) is pleased to be a contributor to ISEC working in
partnership with the PCPD, iProA and HKIE, and we hope to continue our
contribution in enhancing data privacy, security and governance in the
IT and business communities,” Ms. Susanna Chiu, Immediate Past
President & Director of ISACA (HK Chapter) said.
7. “Public concern about IT security and the
protection of personal data grows rapidly in recent years. We
hope that the ISEC can enhance the awareness of the IT practitioners on
this aspect,” Dr. Elizabeth Quat, Co-founder & President of iProA
said.
8. Dr. Chun-leung Chan, spokesman of HKIE said:
“Enhancing IT security and ensuring proper personal data handling are
two core elements of professionalism for IT industry. Apart from
reminding the IT practitioners the importance of these core elements,
the campaign also serves to raise the profile of IT professionals in
the public and the business community.”
9. Seminars will also be held for IT practitioners to
share best practices and experience in data protection in the near
future.
10. The guideline is are available for downloading from the websites of the ISACA ( www.isaca.org.hk), iProA ( www.iproa.org), HKIE (www.hkie.org.hk) and the PCPD ( http://www.pcpd.org.hk/english/publications/files/isec.pdf).
|
|
|
|
|
|
|
|
Back
to top
|
|
|
|
| |
Notice/
Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong.
All rights reserved. Disclaimer
|
|
