Details sought on police names leak

Internet users who examined unsecured data after IT blunder may have been involved in litigation

Police investigating internet users who accessed the thousands of names of police complainants accidentally released on the Web a month ago have found some that may be involved in litigation.

EDPS, the IT company contracted to maintain the database which held the 20,000 names, has given police the IP addresses used to access the data while it was online.

A police spokeswoman said yesterday that after initial inquiries, the technical crime division of the Commercial Crime Bureau had asked for details on the leaked data.

A report by the Independent Police Complaints Council (IPCC) released on Saturday blamed EDPS and sub-contractor Kirren Heung Yam-ling for the leak, which was discovered by shareholder activist David Webb and revealed in the South China Morning Post last month.

Yesterday the IPCC ran advertisements in four newspapers to apologise to those whose personal data was leaked.

'The Independent Police Complaints Council deeply regrets the recent leakage of its data and any resultant inconvenience which might have been caused to you,' said the statements printed in the South China Morning Post, the Oriental Daily News, Apple Daily, and The Standard.

The council's vice-chairman, Alan Leong Kah-kit SC, said on a radio programme that the council was not trying to determine the exact responsibility of all parties.

'The reason why we did not state who should bear how much responsibility was because there is an independent inquiry being conducted by the Privacy Commissioner ... we believe the persons involved may be involved in litigation,' Mr Leong said.

'Even if people accept that the IPCC report was done without withholding any information, it is understandable that some may still feel it lacks a definite verdict about who was wrong.'

But EDPS director Ken Ng insisted that the IPCC report had suppressed crucial information and was flawed. He said he planned legal action against the council's members, especially Mr Leong, who he said had reneged on assurances to keep the report objective and not to apportion blame.

'He made a lot of damaging statements about our company. I cannot see how a member of the Legislative Council and a senior counsel can act in this manner. It is despicable. I am talking to my lawyer about filing a complaint, possibly with the Bar Association.'

By yesterday afternoon, the IPCC had received 339 complaints about the leaked data, while the Office of the Privacy Commissioner had received 20 complaints.

Mr Ng said he would submit a report to the Privacy Commissioner addressing many issues contained in the IPCC report and others that he felt had been omitted.