Hong Kong News
Nonpartisan, Noncommercial, unconstrained.
Saturday, Feb 22, 2025
Real, Diverse, Unbiased.
Privacy watchdog requests electoral office for remedy on personal data breach blunders
Hong Kong's privacy watchdog completed the investigation of two personal data breach incidents of the Registration and Electoral Office, and asked for the electoral office to enhance security measures and review the workflow of personal data handling.
The Office of the Privacy Commissioner for Personal Data (PCPD) published an investigation report Thursday regarding the investigation.
One of the incidents involved the electoral officers accidentally sending the file of a voter's personal information to an unknown recipient, while the other incident concerned the officer accidentally attaching a reply slip of an Election Committee member while sending a test email.
Privacy Commissioner Ada Chung Lai-ling believed both incidents were mainly caused by human errors, and highlighted the electoral office does not take the necessary steps to protect the voters' personal data.
PCPD has issued two enforcement notices to the electoral office and required it to implement technological security measures to monitor the use of its email system, review and improve the workflow of collecting personal data from EC members, and strengthen the training on information security and the protection of personal data.
One of the incidents involved the electoral officers accidentally sending the file of a voter's personal information to an unknown recipient, while the other incident concerned the officer accidentally attaching a reply slip of an Election Committee member while sending a test email.
Privacy Commissioner Ada Chung Lai-ling believed both incidents were mainly caused by human errors, and highlighted the electoral office does not take the necessary steps to protect the voters' personal data.
PCPD has issued two enforcement notices to the electoral office and required it to implement technological security measures to monitor the use of its email system, review and improve the workflow of collecting personal data from EC members, and strengthen the training on information security and the protection of personal data.
