Opening remarks by SCMA at press conference on report of task force on REO computer theft incident (with video)
First of all, thank you for attending the press conference today under the Red Rainstorm Warning Signal and Strong Wind Signal No. 3. Together with Miss (Rosanna) Law, Deputy Secretary for Constitutional and Mainland Affairs, and Mr (Jason) Pun, Assistant Government Chief Information Officer (Cyber Security and Standards), we will give an account of the report submitted to me by the Task Force on the Computer Theft Incident of the Registration and Electoral Office. I will first say a few words before asking Miss Law to introduce the key observations and recommendations of the Task Force and taking questions from the floor.
On March 27, the Registration and Electoral Office (REO) found that two notebook computers stored in AsiaWorld Expo, the fallback venue of the 2017 Chief Executive Election, were missing and suspected to be stolen. Amongst the two missing notebook computers, one contained personal information of about 3.78 million Geographical Constituencies electors, i.e., their names, Hong Kong Identity Card numbers, addresses, and the constituencies that the electors are registered in. On behalf of the REO, I would like to express our sincere apologies again to registered voters for any inconvenience or distress caused.
The Government attaches great importance to the incident. Immediately after the incident the REO and I, as well as other relevant departments, took a series of follow-up actions. The REO reported the incident to the Police within the same day, as well as to the Office of the Privacy Commissioner for Personal Data (PCPD) and the Government Information Security Incident Response Office. The Police have classified the case as theft. I understand that as of now, the Police's criminal investigation is still ongoing, while the PCPD published its report on the handling of personal data by the REO yesterday afternoon.
In addition to the investigations mentioned above conducted by the Police and the PCPD respectively, I also proactively requested a special meeting of the Legislative Council (LegCo) Panel on Constitutional Affairs (CA Panel) to give Members an account of information that the REO had gathered then. The CA Panel special meeting was held on April 11, 2017. The Chief Electoral Officer of the REO and I attended and responded to Members' questions. At the same special meeting, I also announced the establishment of a task force led by the bureau to conduct a comprehensive review of the incident as well as to recommend improvement measures and submit a report to me within two months' time.
The Task Force was headed by Miss Law, and included an information security expert (a representative from the Office of Government Chief Information Officer) and a security expert (a representative from the Security Bureau) of the Government as members of the Task Force, so as to ensure that the Task Force could look into the incident in an objective and professional manner. I thank members of the Task Force for their hard work over the past two months in reviewing the incident and in preparing this Report. I would also like to thank the Chairman of the Electoral Affairs Commission (EAC), Mr Justice Barnabas Fung Wah, who attended meetings of the Task Force as an observer, and the EAC for its support on the work of the Task Force.
I formally received the Report of the Task Force yesterday, and provided the Report to the LegCo CA Panel this morning. The Report is also uploaded to our website (www.cmab.gov.hk/en/issues/tfr.htm). The Report covers areas including the handling of personal data, information security, overall security arrangements for election venues, as well as the internal supervision and review system of the REO. The Task Force has made detailed analysis on the course of events leading up to the incident, made several observations on the inadequacies of the REO on the above aspects, and made a number of recommendations. I agree with the findings and recommendations in the Report. The findings are objective, fair, and comprehensive. The recommendations address the problems and are practicable and conducive to the REO in fundamentally improving its internal system and work processes, so as to enhance the management and operational capacity of the department. I have instructed the REO to implement every recommendation of the Report as soon as possible. In addition, I have also instructed the REO to proactively and unreservedly follow up all directions and recommendations in the report of the PCPD, so as to prevent similar incidents from happening again. REO colleagues and I will attend the meeting of the LegCo CA Panel next Monday (June 19) to give an account of the findings and recommendations of the Task Force to Panel Members.
I would like to point out that the duty of the Task Force was to find out the reasons leading to and the course of the incident and make recommendations on improvement measures. As regards the performance and role of relevant REO officers in the incident, including whether this should be followed up through the internal staff appraisal mechanism, or even involve disciplinary procedures, we will defer to the relevant departments, including the Civil Service Bureau, to consider in accordance with the established mechanism.
Last but not least, I hope the REO can learn from this painful lesson and conscientiously implement the improvement measures. The Constitutional and Mainland Affairs Bureau will fully support the REO in securing the manpower and financial resources to implement the recommendations in the Report.
Ends/Tuesday, June 13, 2017
Issued at HKT 18:16
Issued at HKT 18:16
Audio / Video
Press conference on report of Task Force on Computer Theft Incident of Registration and Electoral Office