Loss of child patients' data sparks inquiry

PUBLISHED : Saturday, 10 May, 2008, 12:00am
UPDATED : Saturday, 10 May, 2008, 12:00am

The Health Department has launched an inquiry into two alleged cases of loss of personal data at children's clinics.

The investigation follows a complaint letter in which the department was accused of trying to cover up the blunders, with one case allegedly occurring two years ago.

The letter was sent to the Civil Service Bureau, which handed it to the department yesterday for follow-up action.

It is understood that the anonymous letter claimed two USB flash drives, containing personal data on children and their parents, were lost at child-assessment centres in Sha Tin and Fanling.

It said the Sha Tin case occurred 'recently', while the Fanling case happened in 2006 but was never reported to the government.

The letter did not detail the extent of the data leaks.

A Health Department spokesman confirmed receipt of an anonymous letter yesterday.

'We have launched an investigation. We take it seriously,' the spokesman said.

Chief Executive Donald Tsang Yam-kuen has expressed concern over the recent spate of personal data leaks and has instructed bureau chiefs to keep a closer eye on data security.

The Office of the Government Chief Information Officer (OGCIO) has issued two circulars in the past week to bureaus and departments, asking staff to tighten up security.

The latest circular, issued on Thursday, said a staff member must have prior approval by his supervisor before transferring data from a computer to a portable electronic device and must also use only portable devices provided by the government.

An OGCIO spokeswoman said: 'We have also scheduled a review of the security regulations, policies and guidelines as part of our regular work programme.'

Chung Kwok-sing, of the Hong Kong Civil Servants General Union, said: 'Many civil servants are overloaded and often need to store things in movable devices to take the work home.'

He asked departments to offer more training to improve staff members' awareness of computer security.

Meanwhile, privacy commissioner Roderick Woo Bun met senior Hospital Authority management yesterday to discuss a planned inspection.

He had told the authority he planned to inspect systems storing patients' data after recent leaks at hospitals.