Police complaints body denies link with leak website

Alarmed council calls emergency meeting over bungle

The Independent Police Complaints Council (IPCC) yesterday denied any link with the operator of a website that carried the personal data of 20,000 complainants.

An urgent meeting of the IPCC will be held today to discuss the leaking of the highly confidential information on the internet. The case has gone to the technology crime division of the Commercial Crime Bureau for investigation.

IPCC vice-chairman and legislator Alan Leong Kah-kit said: 'I am obviously very concerned about this. We are calling an emergency meeting over this matter.'

A police source last night pointed out that the data processing of the council was contracted out to an outside operator. The police force handles its own data through an in-house department.

'Obviously the damage has been done as indeed the information was found on the Net,' the police source said. 'But no one can say for sure at the moment why it happened.' He said it might not be possible to find out for certain how the blunder occurred.

Yesterday the IPCC asked the Post to provide the data for its investigation after the server where the information was found, china2easy.com, removed the information from the Web, although the pages could still be retrieved on the cache in Google searches.

IPCC secretary Brenda Fung Yue Mui-fun said yesterday that 'never at any time' had the information been put on a system that could be accessed by the internet.

'That system is an office-based system; it is not an internet system and the information was never intended to go anywhere near the internet,' she said.

'We are trying to trace the loopholes and understand the technical details about how this has happened. This information was never, to my knowledge, on the internet or supposed to be there. The server has nothing to do with the IPCC.'

The registered operator of the website, De Motif Limited, could not be reached for comment yesterday. A visit by the Post to its registered address in Shamshuipo found its office gate closed.

Corporate governance activist David Webb uncovered the massive security breach during a Google search for a Hong Kong address.

Privacy Commissioner for Personal Data Roderick Woo Bun said discovery that the data was on a website would have caused 'serious alarm' to the people involved.

'Security control on electronic data requires special care to prevent unauthorised or accidental access to personal data in the course of their storage or transmission,' Mr Woo said. The Data Protection Ordinance states that all steps must be taken to ensure confidential information is secured.