Hong Kong election officials ‘may face punishment’ over case of missing laptops with voters’ data
Report finds poor coordination and low awareness of IT security to blame
The officials responsible for the missing laptops that contained the personal information of 3.78 million voters may face disciplinary action, Hong Kong Secretary for Constitutional and Mainland Affairs Raymond Tam Chi-yuen said on Tuesday.
Releasing the results of the report on the incident, Tam also announced 18 recommendations to prevent a repeat of the case.
But some lawmakers were not convinced by Tam’s comments, saying that he should be held accountable for the saga.
Tam concluded that inadequate coordination among the relevant officials and their poor awareness of personal data protection were the major causes of the incident.
The theft came to light on March 27, one day after the city’s leadership election, when officers from the Registration and Electoral Office found two notebook computers missing.
The devices were supposed to have been locked in a storeroom at AsiaWorld-Expo, the backup venue of the election.
One of the laptops contained the names of about 1,200 members of the Election Committee that picked the chief executive. The other contained information on the city’s 3.78 million registered voters, including names, addresses and ID card numbers.
“I am sure the office’s management and the Civil Service Bureau would look into the report very carefully and decide on the next step,” Tam said.
He also suggested that disciplinary action could be initiated for officials if they were found to have neglected their duties or made administrative mistakes.
According to the report, an internal database containing the personal information of millions of voters was also used in the leadership election in 2012. The report stated that frontline staff from the office considered this a standard practice, despite only some 1,200 on the committee having the power to vote.
The report also said that the office’s senior management did not exactly know the nature of the data stored in the system, which is designed to verify voter identity.
Eighteen recommendations were suggested to beef up voter data security, including banning the use of the database – known as the electors information inquiry system – at polling stations for all elections, and setting IT security procedures and guidelines.
“There is no evidence that there has been any [data] leakage,” Tam said, adding that the data was protected by strong encryption.
IT sector lawmaker Charles Mok criticised the bureau for shifting responsibility to middle and lower-ranking staff. He said Tam should be held accountable for the incident.
Mok and a few other lawmakers are considering filing a civil claim over the government’s negligence.
New People’s Party chairwoman Regina Ip Lau Suk-yee agreed that Tam, whose term in office will end on July 1, should bear more responsibility over the incident.
The Registration and Electoral Office said that it would follow all recommendations to ensure no recurrence of similar incidents.