Read More
Hong Kong’s privacy watchdog on Thursday criticized the Council of the Hong Kong Laureate Forum and Hong Kong Ballet over two separate data breaches last year, saying the two bodies have contravened the Personal Data Ordinance with their deficiencies.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
The watchdog said Privacy Commissioner Ada Chung Lai-ling has served Enforcement Notices to the two bodies, directing them to take measures to remedy the contravention and prevent similar recurrence of the contraventions.
The data breach involving the Council of the Hong Kong Laureate Forum occurred on September 27 last year, affecting the personal data of 8,122 individuals which include e-newsletter subscribers and young scientists.
The watchdog said deficiencies were found in the council’s information system management, which included the failure to update the firmware of the firewall, which had multiple critical vulnerabilities, the absence of any update of the anti-virus software database since 2019, and the absence of multi-factor authentication for remote access to verify the identity of users.
It also said the council has lax monitoring of the data security measures adopted by the service vendor, lacks policies and guidelines on information security, and lacks appropriate data backup solutions.
Meanwhile, the watchdog’s investigation found Hong Kong Ballet using outdated operating software for their server, also noting there was unnecessary exposure of the server to the Internet during system migration performed by their service vendor.
Hong Kong Ballet also lacks monitoring of the data security measures adopted by the service vendor and there is an absence of security assessments and security audits of their information systems, it added.
