The government must take seriously its responsibility to safeguard personal data
The loss of two computers containing information on 3.8 million people and the lack of transparency from officials over the incident are regrettable
As the city’s largest holder of citizens’ personal information, the government has full responsibility for data protection and security. Regrettably, the job is not always taken seriously, as reflected in the loss of data storage devices reported from various departments from time to time. The recurring blunders do not square with the image of a responsible administration.
The Registration and Electoral Office has yet to give a satisfactory explanation as to why the personal data of 3.8 million voters had been brought along to a ballot which was only confined to 1,194 Election Committee members, who were tasked to pick the city’s leader on March 26. The office had to spend HK$5 million sending letters of apology to all the voters, after the two laptops with their names, identity card numbers and addresses were stolen from a backup venue at Asia World Expo.
Equally questionable is the way the fallout has been handled. Initially, the authorities only issued brief written statements after media enquiries. It was not until the following week that the minister responsible for elections gave an account in person. The chief electoral officer later conceded that the room from which the two laptops were stolen had been locked but unguarded. A subsequent review concluded that it was inappropriate to have brought along general voters’ data to the venue, he added.
Whether the loss has led to abuse of the data remains unclear at this stage. But the number of people involved this time is one of the largest. Indeed, the growing use of portable storage devices has made personal data more vulnerable. Over the past decade, losses of electronic devices containing citizens’ data have not been uncommon among government departments and public agencies. The Census and Statistics Department was forced to come clean on the loss of two tablets, one of which contained the personal data of 46 people. The incident happened back in July but the department only revealed the details after media enquiries on Tuesday evening.
Given the sensitivity of personal data, the government must handle such information with greater care.