Privacy Commissioner investigates Police data leakage incident
1. The Privacy Commissioner for
Personal Data (“the Commissioner”) Mr. Roderick B. Woo has ordered an
investigation to probe into the recent incidents concerning the leakage
on the internet of certain classified police documents which contained
personal data.
2. “I am gravely concerned that classified police
documents have been repeatedly leaked on the internet through the
“FOXY” file-sharing software. In the course of my investigation,
I will seek the Police Commissioner’s cooperation and ensure that the
Police will take effective measures to stop personal data from
accidental or unauthorized access,” Mr. Woo said.
3. The Commissioner conducted a self-initiated
compliance check not long ago into some similar incidents. The
Police admitted that some of its officers had prepared police reports
on personal computers on which the software in question was
installed. To prevent the occurrence of similar
incidents, the Police had agreed to take the following actions:
- Setting up a Force Working Group to identify
information security risk factors;
- Informing Office of the Privacy Commissioner for
Personal Data (“PCPD”) and affected data subjects of all data breach
incidents;
- Publishing messages on the Police notice board to
enhance data security knowledge, e.g. how to uninstall Foxy software;
- Instructing all Formation Systems Security Managers
to conduct checks and inspections on all Police terminals;
- Reviewing Police policies and relevant manuals on
information security and data protection;
- Setting up a Force Focus Group on personal data
protection to advise police officers on the importance of data
protection;
- Exploring technical solutions to guard against data
leak;
- Carrying out periodic sanitization and inspection
of all Police common terminals to remove unauthorized data;
- Promulgating a guideline on how to investigate
information security incidents.
4. Since then the PCPD has conducted seminars for the
benefit of police officers on personal data protection, focusing on the
legal framework, data protection principles, governance of data
protection and data access requests.
5. “To help prevent further harm done to the affected
individuals, I strongly urge internet users not to download or
disseminate sensitive personal data on the internet after an accidental
or unauthorized leakage has become known,” Mr. Woo said.
6. In his package of reform proposals to the
Government in December 2007, the Commissioner proposed making it an
offence (with certain exemptions) for any person to knowingly or
recklessly, without the consent of the data user, obtain, disclose or
procure the disclosure of personal information. The selling of
personal data obtained in such circumstances should also be regarded as
unlawful. The proposal, if adopted, would hopefully deter
irresponsible behaviour of persons who, in flagrant disregard of
personal data privacy, obtain or disclose personal data leaked by
accident or without due consent.
END