Hong Kong watchdog concludes electoral office breached privacy rules over 2 data leaks caused by human error
- Privacy commissioner says Registration and Electoral Office failed to take ‘all practicable steps’ to ensure protection of voters’ personal data
- Findings from watchdog follow investigations into two separate accidental data leaks by electoral office employees in March and April
Hong Kong’s privacy watchdog has found that the city’s electoral office breached regulations and failed to protect voters’ personal data following investigations into two incidents involving mistakes based on human error.
Ada Chung Lai-ling, the privacy commissioner for personal data, on Thursday said the two incidents involving the leakage of voters’ personal details showed the Registration and Electoral Office had not taken “all practicable steps” to ensure that such information was protected from unauthorised access.
The first incident occurred on March 23 and involved a clerical officer who was arranged to work from home on a select basis to reduce social contact amid the city’s fifth coronavirus wave.
The clerk intended to send two spreadsheet files which contained around 15,000 voters’ Chinese and English names, as well as their residential addresses, to her personal email account as part of her plans to work from home the next day
But the files went to an unknown recipient after she used the wrong email address. The clerk realised her mistake 10 minutes later when she was unable to find the email in her personal inbox, before reporting the incident to an assistant electoral officer.
Chung said the data breach incident stemmed from negligence and the clerk’s lack of awareness on the subject of data protection, which led to a break of the electoral office’s guidelines.