Jockey Club to guard treasury of betting data
A DATA protection policy has been developed by the Royal Hong Kong Jockey Club after a major review of computer systems.
Officials believe improved security is needed to safeguard their vast repository of betting information.
Chief executive Major-General Guy Watkins is expected to formally approve the changes next month ahead of distributing the procedures to the club's staff and management.
Included in the review is an updated contingency and recovery package under which the club contends it can survive unforeseen problems.
Security controller David Twynham yesterday confirmed the reforms, saying the club's increasing dependence on computers and data - and the sophisticated nature of criminals exploiting technology - prompted the review of all aspects of club operations.
'We can't reduce the inherent risk of our operations,' Mr Twynham said. 'But what we can do and are doing is to make our target harder to the stage where people will be effectively deterred.
'We have so much information here: computerised data, fax, internal data and disks and so on.
'But, what we are primarily protecting with the release of these procedures are betting transactions.' The regulations follow visits to Hong Kong in 1992 and 1994 by Professor Henry Becker, a world-renowned data security consultant.
In an initial review of club data security arrangements, he noted a number of areas capable of improvement.
His report also included a proposal to devise a comprehensive information protection policy.
Mr Twynham said no breach of security had occurred in his time but, because of the value of the club's information holdings - including betting transactions, telebet facilities and official reports - club officials had an obligation to act to protect technology.
He said he hoped the procedures made all staff aware of the club's philosophy on data protection, averting the risk of in-house malpractice.
However, the policy was also geared to withstand external attack. 'It simply makes good business sense,' Mr Twynham said.
'We have always been concerned to ensure all our data is protected and that our access to it is appropriate and authorised.
'Our studies have also looked again at our contingency and disaster recovery plan, which is already in place, so if some sort of an incident does occur, we can set up immediately from a separate site.' Once the package is fully disseminated, it is envisaged that management will be exposed to awareness seminars.
They will then be responsible for ensuring staff are briefed on the nature of the improvements and procedures.