Monday, November 30, 2015   

School drug testers hit for privacy lapses

Phila Siu

Friday, July 27, 2012


A trial scheme on drug testing in schools that the government wants to conduct on a territory-wide level has come under criticism for neglecting privacy concerns.

In a report released yesterday, Allan Chiang Yam-wang, the privacy commissioner for personal data, pinpointed a list of loopholes for the testing scheme, carried out at 23 Tai Po secondary schools between 2009 and last year.

The testing was done by the Security Bureau's Narcotics Division and the Education Bureau. As it was voluntary, students chosen to provide a urine specimen were entitled to say no.

Chiang said although the two bureaus set protocol to guide the schools, they did not conduct a privacy impact assessment.

The protocol also did not state how long the students' personal information should be kept, although participating schools decided for themselves to destroy the data after the testing.

Chiang said staff from the Hong Kong Lutheran Social Service, which helped schools to conduct the scheme, did not do enough to protect the students' data stored on a USB flash drive.

"Although the information was stored in a USB flash disk protected by a password, the password was placed together with the flash disk," Chiang said.

He also said teachers used their personal computers to process the data, but received no guidance on safeguarding security of the stored data.

Chiang said a contractor used a remote server to randomly select students to take the drug test and store the result. But there were no contractual obligations for the contractor to provide security measures to protect the personal data stored.

The commission rolled out a list of 15 suggestions, including carrying out a privacy impact assessment.

Chiang said if the drug test scheme is to be carried out on a territory-wide level, the government needs to give more detailed guidance to the schools.

A spokesman for the Narcotics Division said it welcomes the report and that some amendments have already been made to the protocol. In the revised protocol, all computers storing students' data have to shut down internet connections.

© 2015 The Standard, The Standard Newspapers Publishing Ltd.
Contact Us | About Us | Newsfeeds | Subscriptions | Print Ad. | Online Ad. | Street Pts


Home | Top News | Local | Business | China | ViewPoint | CityTalk | World | Sports | People | Central Station | Spree | Features

The Standard

Trademark and Copyright Notice: Copyright 2015, The Standard Newspaper Publishing Ltd., and its related entities. All rights reserved.  Use in whole or part of this site's content is prohibited.   Use of this Web site assumes acceptance of the
Terms of Use, Privacy Policy Statement and Copyright Policy.  Please also read our Ethics Statement.