The revelation came as the complaints watchdog faced a grilling by legislators yesterday over the blunder, which has left many of the 20,000 fearing for their safety.

Mr Heung left the company some time after uploading the sensitive information onto the china2easy.com website, where the data was discovered by shareholder activist David Webb.

But Mr Heung continued maintaining the council's systems without the body's knowledge.

Mr Heung is listed as director of China Motif, the firm that controls china2easy.com, and the uniform resource locator (URL) of the site included the name Kirren.

The website was pulled from the internet when the company was contacted by the South China Morning Post, although the confidential information remained in search-engine caches for three days afterwards and has since been reposted.

Mr Heung is seeking legal advice before speaking to the complaints council.

The chairman of the Legislative Council's security panel, James To Kun-sun, demanded to know why details of those responsible for the security breach were not available yesterday and why personal letters had not been sent to those affected.

Mr To also questioned why moves had not been made to change the Hong Kong identification numbers of those affected.

He said the leak should be a lesson to all government departments about protecting sensitive data.

'There might be people who are now in a risky situation.

'Before the leakage, most of the police officers would not have known who had complained, but now it is public knowledge,' Mr To said.

Complaints council chairman Ronny Wong Fook-hum admitted it was 'absolutely liable' for the leak and said greater effort should be made to make it truly independent from the government.

An investigation by the council found the confidential files were posted when the contractor failed to password-protect the information.

The contractor had used the website while converting a database from the Complaints Against Police Officers' section of the force - the public's first point of contact for lodging complaints - for use on the council's more antiquated computers.

EDPS Systems is one of 10 IT companies contracted to supply or recommend staff to service computers in government departments.

When contacted yesterday, Poon Chung-yin, director of EDPS, said: 'This issue is very sensitive right now in Hong Kong. For any questions relating to the company and liability, you'd better speak to the IPCC.'

A spokeswoman for the Office of the Government Chief Information Officer said under the contract with EDPS, the company recommended staff to deal with specific projects brought to it by government departments.

She said that payment for the service was sent directly to the company, so it was unclear how Mr Heung would have continued to work for the council if he was no longer employed by EDPS.