PCPD implemented
information security enhancement measures
1. Members of the Legislative Council Panel on
Information Technology and Broadcasting (the Panel) held a meeting on 9
July 2007 to discuss the information security status of public
organizations and the information security protection measures pursued
by the Government in the wake of information security incidents.
2. At the meeting, members were informed of the
progress of information security improvements made by the public
organizations. The results showed that 16 public organizations,
including the Office of the Privacy Commissioner for Personal Data
(PCPD), had not completed all the information security enhancement
measures recommended by the Office of the Government Chief Information
Officer earlier.
3. The Privacy Commissioner for Personal Data Mr.
Roderick Woo (the Commissioner) confirmed that at the time of the last
update, 70% of the recommended measures were already in place in his
Office. Since then, all but one of the measures had been
implemented when the Panel met on 9 July 2007. The outstanding
recommendation would entail the engagement of an external professional
retainer for the information security risk assessment and audit.
The expenditure to be incurred is not provided for in the PCPD's annual
budget. The Commissioner will need funding from the
Government. He calls upon the Government to provide the necessary
funding to all public organizations (including his Office) for this to
be done so that personal data privacy protection can be enhanced.
4. In response to a spate of online data leakage
incidents that took place last year, the PCPD has taken the initiative
to launch the Information Security Enhancement Campaign last October
offering a wide range of guidance and training to IT
professionals. Besides that, the PCPD has also as part of its
ongoing promotion and training programme provided continuous practical
guidance on the handling of personal data to all government departments
and government related organizations.
Back
to top