All government bureaus and departments were requested to remove sensitive and personal information from public cloud servers, according to the Office of the Government Chief Information Officer (OGCIO).
This came after the recent data leakage incidents involving the Companies Registry and the Electrical and Mechanical Services Department (EMSD).
The registry said on Friday (May 3) that the personal information of some 110,000 people – including names, identity and passport numbers, addresses, and phone numbers – has been exposed due to a fault in its digital platform.
Just days before, EMSD apologized for the data leak of some 17,000 public housing residents who had to undergo mandatory Covid tests in 2022.
OGCIO said it is highly concerned about the incidents and had sent clear directives to the heads of bureaus and departments about the reviews.
It has asked all bureaus and departments to comprehensively review their data security measures and reply within a week.
Anthony Lai Cheuk-tung, a malware analyst and researcher, suggested that government departments review the collected data for disposal every single time after completing a project that involves a lot of personal data.
He added that European countries and Japan were more strict about such issues and immediately deleted outdated data as well as ensuring the information could not be restored.
Lai said that, in comparison, the Office of the Privacy Commissioner for Personal Data regulations were relatively lax, and he urged the government to review and delete outdate data often.
Hong Kong United Times丨香港聯合時報丨HKUT 