Diigo newsmarks 06/06/2007

June 7, 2007

20070201 Security breaches of personal data in Hong Kong – Bird & Bird (Annotated)

    The PDPO requires a data user to put in place security safeguards to protect
    personal data in its possession. The degree of security protection should
    reflect the sensitivity of the data and the seriousness of the potential harm
    that may result from a security breach. According to the Privacy Commissioner’s
    Office, serious consideration must be given to the necessity of posting personal
    information or data on the internet at all.

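    • The level of security protection must be commensurate with the sensitivity of the data and the seriousness of the harm that could result from a security breach – post by foistudy
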
    Transmission of personal data on the internet is particularly susceptible to
    security risks. Organisations should apply a “harm test” to data collected or
    transmitted over the internet in order to assess the appropriate level of
    security measures.

      A practical measure that may be taken is the use of encryption to protect data
      transmitted via the internet. Where unencrypted data is used, data users are
      advised to take practicable steps to ensure that any sensitive personal data is
      not vulnerable to security breaches

        the PDPO does not impose any statutory obligation on data users to notify the
        Privacy Commissioner’s Office or data subjects of any instances of security

          a security incident whereby the Leisure and Culture Services Department (“LCSD”)
          leaked personal data. The leak arose when personal data of individuals
          participating in a slogan competition with the LCSD became accessible via the
          Google search engine. The data was subsequently removed from the

            the underlying reasons for the leakage and what measures would be required to
            prevent data leaks in the future. The Privacy Commissioner’s Office is expected
            to continue its enquiries into the matter and provide direction and guidance to
            the LCSD with respect to improving their procedures and practices for handling
            personal data

              the release onto the internet of personal data relating to individuals who had
              filed complaints against the police. Personal data held by the Independent
              Police Complaints Council (“IPCC”) relating to approximately 20,000 people who
              had filed complaints against the police, had been made public on the

                In an effort to prevent any recurrence of similar incidents,
                the Privacy Commissioner, in conjunction with the Information Systems Audit and
                Control Association (HK Chapter) (“ISACA”), Internet Professional Association
                (“iProA”) and the Hong Kong Institute of Engineers, has launched the
                “Information Security Enhancement Campaign”, along with guidelines for IT
                Practitioners on handling personal data.

                  The guidelines outline the procedures to be followed where personal data
                  collected by a data user is accessed or processed by an IT contractor.

                    Organisations must now determine what constitutes adequate security in the
                    context of where their electronic business is conducted and who is accessing
                    their services

