Read More
Ayra WangNearly 46,000 individuals were affected in the two cases.
The Office of the Privacy Commissioner for Personal Data has criticized the Council of the Hong Kong Laureate Forum and the Hong Kong Ballet for failing to protect personal data in two separate data breaches last year.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
In separate enforcement notices, Privacy Commissioner Ada Chung Lai-ling said the organizations had contravened the Personal Data (Privacy) Ordinance by not taking "all practicable steps to ensure that the personal data involved was protected against unauthorized or accidental access, processing, erasure, loss or use."
Chung said the network of the council - an academic event organizer - was hacked on September 26, 2023, affecting 8,122 individuals, including 7,200 newsletter subscribers and young scientists.
The privacy office pointed out several security deficiencies, including the council's failure to update its firewall firmware and antivirus software, lack of multifactor authentication and proper password policies, inadequate network segmentation and internal firewall rules, poor monitoring of its service vendor's data security measures, absence of information security policies and guidelines, and insufficient data backup solutions.
Similarly, the investigation into the Hong Kong Ballet data breach on September 29 last year - which affected around 37,840 individuals such as staff, job applicants, subscribers, and sponsors - revealed a "glaring deficiency" in the organization's information system.The watchdog said the ballet company had been using outdated operating software for its server.
ayra.wang@singtaonewscorp.com
