Date: 25 April 2019
Response to media enquiry on the suspected cyberattack of Amnesty Intermational Hong Kong branch's IT system
Thank you for your enquiry regarding the possible data breach due to the hacking of computer system of Amnesty International Hong Kong. Our responses are as follows:
-
The office of the Privacy Commissioner for Personal Data (PCPD) received Data Breach Notification from the said organisation today. Privacy Commissioner for Personal Data (Privacy Commissioner) Stephen Kai-yi Wong has initiated a compliance check to gather the fact and further details on the incident including the cause of the data breach, number of affected persons, and evaluate proposed actions or actions taken etc.
-
All organisations are obliged to take effective security measures to protect the personal data of users and employees from unauthorised access or use. Failure to do so may amount to a contravention of the personal data security principle under the Personal Data (Privacy) Ordinance.
-
The Privacy Commissioner also encourages the organisations concerned to inform PCPD about the data breach incidents. Reporting data breach incidents can help facilitate cooperation between the PCPD and the organisations involved to minimise the potential damage caused by the incidents, and to look for improvement measures to prevent recurrence of similar incidents. The PCPD will also provide advice and assistance to the organisations concerned to ensure that timely remedial actions can be taken.