The blame game over who was responsible for the release of confidential details of 20,000 people on the internet has begun, following the release of the police complaints watchdog's report on the blunder.
The Independent Police Complaints Council (IPCC) report yesterday placed the blame squarely on EDPS Systems and its subcontractor Kirren Heung Yam-ling, who maintained the database of confidential information.
The data leak, discovered by shareholder activist David Webb on the china2easy.com website, was revealed in the South China Morning Post last month. The data contained the names, addresses, Hong Kong identity card numbers and even criminal records of people who had made complaints against the police. It also contained the names of the police officers the complaints had been made against.
In the report, the council said EDPS and Mr Heung were 'the immediate and proximate cause' for the information becoming available to internet searchers.
Council chairman Ronny Wong Fook-hum said litigation was likely to follow.
Mr Wong said the council would personally write to those affected, put an advertisement in two Chinese and English newspapers, and put in place credit monitoring to prevent the data being used for fraud.
The report also revealed that a secretary, described as 'Ms X', with no computer training had given the data to Mr Heung to be converted into a more modern format between 2002 and 2004. Ms X also told the council she had made no record of CDs she handed to the contractor.