Hong Kong News
Nonpartisan, Noncommercial, unconstrained.
Saturday, Feb 22, 2025
Real, Diverse, Unbiased.
CE poll blunders and breaches come to light
An Election Committee member was issued two ballots in the chief executive election in May, but he returned one empty ballot, which was classified as invalid, according to a report published yesterday by the Electoral Affairs Commission.
According to the report, a commission staff member issued two ballots to the Election Committee member who submitted one valid ballot and another blank ballot classified as an invalid vote, which did not affect the poll results. The commission has handed the case over to law enforcement authorities.
In the report, the commission also recommended that the Registration and Electoral Office improve the functions of the electronic poll register system: "The system enhancement should include: upgrading its statistical functions in the collection, collation and generation of various types of electoral data and improving the user interface in order to make the system easier to use and operate."
It also recommended keeping barcodes on ballot papers, a practice meant to ensure double-counting does not occur, despite public concerns that voters' choices might be identified by matching the unique barcodes on their ballot papers to records stored in the EPR system.
But the commission recommended that the office consider using barcodes "on the premise that voting secrecy would be preserved absolutely."
Separately, two other reports were published yesterday on data breaches that occurred in March and April.
On March 23, an office staff member incorrectly sent two Excel files containing 15,070 electors' particulars to an unknown recipient.
Following a police investigation, officers contacted the recipient and confirmed that the recipient had not opened it before deleting it.
Under the civil service disciplinary mechanism, the office is taking action against the staff member, who is considered to have been negligent in handling personal data and contravening departmental guidelines on information technology security.
In the other data breach on April 28, a staff member accidentally sent a reply slip containing his own and his assistant's personal data to 64 Election Committee members or their assistants.
He has been reassigned to duties that do not involve the handling of personal data. The case has been referred to the privacy commissioner.
"The REO will review the workflow of handling personal data from time to time and make necessary enhancements to ensure that all procedures comply with the prevailing legislation, regulations and guidelines," the commission said.
In the report, the commission also recommended that the Registration and Electoral Office improve the functions of the electronic poll register system: "The system enhancement should include: upgrading its statistical functions in the collection, collation and generation of various types of electoral data and improving the user interface in order to make the system easier to use and operate."
It also recommended keeping barcodes on ballot papers, a practice meant to ensure double-counting does not occur, despite public concerns that voters' choices might be identified by matching the unique barcodes on their ballot papers to records stored in the EPR system.
But the commission recommended that the office consider using barcodes "on the premise that voting secrecy would be preserved absolutely."
Separately, two other reports were published yesterday on data breaches that occurred in March and April.
On March 23, an office staff member incorrectly sent two Excel files containing 15,070 electors' particulars to an unknown recipient.
Following a police investigation, officers contacted the recipient and confirmed that the recipient had not opened it before deleting it.
Under the civil service disciplinary mechanism, the office is taking action against the staff member, who is considered to have been negligent in handling personal data and contravening departmental guidelines on information technology security.
In the other data breach on April 28, a staff member accidentally sent a reply slip containing his own and his assistant's personal data to 64 Election Committee members or their assistants.
He has been reassigned to duties that do not involve the handling of personal data. The case has been referred to the privacy commissioner.
"The REO will review the workflow of handling personal data from time to time and make necessary enhancements to ensure that all procedures comply with the prevailing legislation, regulations and guidelines," the commission said.
