REO accepts PCPD's investigation report on two data breach incidents
***************************************************************

     The Registration and Electoral Office (REO) accepts the investigation report of the Privacy Commissioner for Personal Data (PCPD) issued today (December 29) on the two data breach incidents that occurred on March 23 and April 28 this year and will take the steps specified in the enforcement notice and follow up on the recommendations made in the report to forestall the recurrence of similar incidents.
 
     The REO agrees that the two incidents were mainly caused by human errors and a lack of awareness of data protection, and that the REO should take more stringent precautionary measures to minimise the risk arising from negligence or non-compliance of guidelines on the part of staff.
 
     A spokesman for the REO indicated that the REO attaches great importance to the handling and protection of personal data and is committed to complying with the Personal Data (Privacy) Ordinance and relevant codes of practice/guidelines issued by the PCPD and the Office of the Government Chief Information Officer (OGCIO). The department has formulated clear and stringent departmental guidelines in handling personal data carefully.
 
     In addition, the REO published two summary reports on the investigations of the two data breach incidents on September 13 with the causes of the incidents and improvement measures that could be taken. The working group formed by the OGCIO, the Constitutional and Mainland Affairs Bureau and the REO has conducted a comprehensive review on the information security of the REO to strengthen the department's management and training in that regard. The REO will actively implement the recommendations of the working group.

Ends/Thursday, December 29, 2022
Issued at HKT 14:30

NNNN