In the report, the council said EDPS and Mr Heung were 'the immediate and proximate cause' for the information becoming available to internet searchers.

Council chairman Ronny Wong Fook-hum said litigation was likely to follow.

Mr Wong said the council would personally write to those affected, put an advertisement in two Chinese and English newspapers, and put in place credit monitoring to prevent the data being used for fraud.

The report also revealed that a secretary, described as 'Ms X', with no computer training had given the data to Mr Heung to be converted into a more modern format between 2002 and 2004. Ms X also told the council she had made no record of CDs she handed to the contractor.

EDPS said that from September 2004 to September 2005, the file had been accessed 2,016 times.

Yesterday, EDPS Systems boss Ken Ng Kin hit back at the council report and said its members had damaged the reputation of his company. 'They said the report would not blame anyone, but the report and comments made by Mr Wong apportion significant blame to EDPS and our outsourced database engineer, Mr Heung,' he said.

Mr Ng also said the council got some of the facts he supplied wrong.

Mr Webb has called for the government to take steps to ensure proper guidelines were in place to safeguard confidential data.

While saying the report was comprehensive, he said it was 'comical' that Ms X did not have any computer skills and said some of the proposed protections to be introduced would not work.

James To Kun-sun, chairman of the Legislative Council's security panel, said the government must also hold an independent inquiry into the IPCC's investigation to ensure it was carried out properly.

The Privacy Commissioner will investigate the incident.