Watchdog fangs pushed to fight doxxingTop News | Jane Cheung 15 Jan 2020
The privacy commissioner will be given statutory power to remove doxxing content on websites including social media under a proposal to amend the law.
A suggested amendment also seeks to give the privacy watchdog legal rights to carry out criminal investigations and make prosecutions.
This comes after the commissioner's office found more than 4,700 cases of doxxing - revealing information about individuals - since June, according to a government paper submitted to the Legislative Council panel on constitutional affairs.
"The cause of incidents of personal data privacy breaches has recently shifted from mostly involving improper collection or use of personal data or direct marketing to digital platforms and data security, such as personal data breaches, hacker attacks resulting from security loopholes and improper disclosure of personal data of others on online platforms," the Constitutional and Mainland Affairs Bureau states.
And it is "deeply concerned" about recent incidents of doxxing, the bureau added. So now comes a push to amend the Personal Data (Privacy) Ordinance. "Directions under consideration include introducing legislative amendments to more specifically address doxxing, conferring on the commissioner statutory powers to request the removal of doxxing content from social media platforms or websites as well as powers to carry out criminal investigation and prosecution."
Among the 4,700 doxxing-related complaints and inquiries that privacy commissioner Stephen Wong Kai-yi has received since June, 1,400 have gone to police for investigation.
Victims of doxxing have come from all backgrounds and with different political views, the bureau noted. They included police officers and family members, government officials, and citizens who have spoken for or against the administration and police.
Wong had by year's end approached more than 140 operators of websites, social networks and discussion forums asking them to remove some 2,500 doxxing links - and almost 70 percent were duly deleted.
Also, the High Court in October issued an injunction prohibiting disclosure of personal data of police officers and family members. Wong has now referred 40 cases of suspected violations of the injunction to the Department of Justice.
The bureau is proposing to make it mandatory for companies to report data breaches to the public and to those whose information is leaked. A fine may be linked to a company's annual revenue.
This came after major data breaches in recent years. In late 2018, credit reporting agency TransUnion was revealed to have security loopholes after a journalist managed to obtain the credit report of Chief Executive Carrie Lam Cheng Yuet-ngor by inputting personal details available online.
In the same period Cathay Pacific announced personal information of 9.4 million passengers had been affected in a data breach.
The amendment proposal will be discussed at a panel meeting on Monday.