Blame game over police Web blunder

The blame game over who was responsible for the release of confidential details of 20,000 people on the internet has begun, following the release of the police complaints watchdog's report on the blunder.

The Independent Police Complaints Council (IPCC) report yesterday placed the blame squarely on EDPS Systems and its subcontractor Kirren Heung Yam-ling, who maintained the database of confidential information.

The data leak, discovered by shareholder activist David Webb on the china2easy.com website, was revealed in the South China Morning Post last month. The data contained the names, addresses, Hong Kong identity card numbers and even criminal records of people who had made complaints against the police. It also contained the names of the police officers the complaints had been made against.

In the report, the council said EDPS and Mr Heung were 'the immediate and proximate cause' for the information becoming available to internet searchers.

Council chairman Ronny Wong Fook-hum said litigation was likely to follow.

Mr Wong said the council would personally write to those affected, put an advertisement in two Chinese and English newspapers, and put in place credit monitoring to prevent the data being used for fraud.

The report also revealed that a secretary, described as 'Ms X', with no computer training had given the data to Mr Heung to be converted into a more modern format between 2002 and 2004. Ms X also told the council she had made no record of CDs she handed to the contractor.

EDPS said that from September 2004 to September 2005, the file had been accessed 2,016 times.

Yesterday, EDPS Systems boss Ken Ng Kin hit back at the council report and said its members had damaged the reputation of his company. 'They said the report would not blame anyone, but the report and comments made by Mr Wong apportion significant blame to EDPS and our outsourced database engineer, Mr Heung,' he said.

Mr Ng also said the council got some of the facts he supplied wrong.

Mr Webb has called for the government to take steps to ensure proper guidelines were in place to safeguard confidential data.

While saying the report was comprehensive, he said it was 'comical' that Ms X did not have any computer skills and said some of the proposed protections to be introduced would not work.

James To Kun-sun, chairman of the Legislative Council's security panel, said the government must also hold an independent inquiry into the IPCC's investigation to ensure it was carried out properly.

The Privacy Commissioner will investigate the incident.