Punish officials over govt data leaks: lawmaker

The heads of government departments responsible for data leaks should be held accountable and punished for the blunders, DAB lawmaker Elizabeth Quat said on Monday. On Friday, the Companies Registry said data on some 110,000 people had been exposed due to a fault in its digital platform, just a day after the Electrical and Mechanical Services Department said a password problem put data on 17,000 public housing tenants at risk. Quat, who chairs Legco's Panel on Information Technology and Broadcasting, said personal data leaks by government departments and public bodies are completely unacceptable. She added that the heads of departments should bear responsibility for safeguarding sensitive data, rather than relying on the Office of the Government Chief Information Officer (OGCIO), which serves as the government's main IT support office. "The head of the department should be responsible for all the cyber security issues of their own department, computer system and networking. We suggest the government to make sure that all the government heads, department heads and also the IT project heads are responsible for all the cyber security issues," she said. Francis Fong, honorary president of the Information Technology Federation, said he was surprised by the apparent failure of the Companies Registry to conduct a security check on a new system prior to its launch. "It is actually a design fault on a new system implemented. So I was surprised why they had not done any security check before the system was implemented and launched," Fong said. "Similar mistakes have happened again and again in different IT departments. So if all these IT departments can get guidelines from the OGCIO, I hope we can solve this problem once and for all." Fong also called on government departments to enhance collaboration in safeguarding data security.