Government Data Leaks in Hong Kong: A Call for Urgent Action

Hong Kong Government Departments Face Embarrassing Data Leaks

In a series of alarming incidents, several Hong Kong government departments have recently experienced data leaks, putting the personal information of thousands of residents at risk. The breaches have raised serious concerns about the security of sensitive data and the need for stronger measures to protect privacy.

Last week, details of three major breaches came to light. The Companies Registry inadvertently leaked the data of 110,000 individuals, including names, passport numbers, and identity card details. The Electrical and Mechanical Services Department also exposed the personal information of 17,000 residents collected during the pandemic due to a password login error. Additionally, the Consumer Council fell victim to a cybersecurity attack, resulting in the leak of information from over 170 people.

Adding to the growing list of data leaks, the Fire Services Department disclosed a potential breach involving the details of more than 5,000 staff and residents. These incidents highlight the urgent need for improved data security measures across government agencies and organisations.

Ada Chung Lai-ling, Hong Kong’s personal data privacy commissioner, expressed deep concern over the repeated breaches and emphasized the importance of safeguarding personal information. She called for immediate action to address vulnerabilities in the system and prevent future data leaks.

In response to the alarming trend, all government bureaus and departments have been instructed to conduct a thorough review of their security systems and report back within a week. Chief Executive John Lee Ka-chiu announced plans to establish a new digital policy office to oversee IT-related affairs and enhance cybersecurity measures.

As the government works to strengthen data protection protocols, there is a growing call for centralised cybersecurity protection to ensure better coordination and control. The establishment of the new digital policy office is seen as a step in the right direction, but more must be done to address the systemic issues contributing to data breaches.

Moving forward, it is essential for all organisations collecting personal data to prioritize cybersecurity and implement robust measures to safeguard sensitive information. With cyber threats on the rise globally, proactive efforts to promote cybersecurity awareness and provide training are crucial to mitigating risks and protecting individuals’ privacy.