The Hong Kong government has reported a third data breach in less than a week, this time involving the Fire Services Department.
Background
Following two data breaches involving the Food and Environmental Hygiene Department, and the Labour Department, this is the third data breach reported by the Hong Kong government within the past week.
The Fire Services Department (FSD) reported the latest data breach to the Office of the Privacy Commissioner for Personal Data (PCPD) on 30th January 2023.
Details of the Breach
- The breach involved a hard disk drive containing personal data of 818 individuals, including staff members, contractors, members of the public, and their family members.
- The data included names, identity card numbers, phone numbers, and email addresses.
- The hard disk drive was lost by a contractor who was transporting it between two FSD offices on 27th January 2023.
- The contractor has not yet been able to locate the hard disk drive.
Initial Response
The FSD has apologized for the data breach and is conducting an investigation to determine the cause of the incident and prevent future breaches.
The PCPD is also investigating the breach and has ordered the FSD to submit a report on the incident, including details of the affected individuals, the type of personal data involved, and the steps taken to prevent further breaches. The investigation is ongoing.
The FSD has set up a hotline for individuals who believe they may be affected by the data breach and is providing support to those affected.
Assessment and Discussion
This is the third data breach reported by the Hong Kong government in less than a week, raising serious concerns about the security of government data and the protection of personal information.
The breaches highlight the need for the government to strengthen its data protection measures, including improving data security practices, implementing stronger controls on the handling of personal data, and providing more training to staff on data protection.
The government has also been criticized for its slow response to the data breaches, and for not providing enough information to the public about the incidents.
The PCPD has a crucial role to play in investigating the data breaches, holding the government accountable, and ensuring that the rights of affected individuals are protected.
Conclusion
The recent data breaches are a serious wake-up call for the Hong Kong government. The government must take immediate steps to strengthen its data protection measures, improve its response to data breaches, and restore public trust in its ability to protect personal information.
The government must also consider establishing an independent data protection authority to oversee data protection in Hong Kong.
The PCPD should continue to investigate the data breaches and take enforcement action against those responsible for the breaches.
Affected individuals should be vigilant and take steps to protect their personal information, such as monitoring their credit reports and being cautious about sharing personal information online.
Kind regards,
E. Thompson.