Date: 2 October 2019
PCPD Responds to Suspected Loss of Application Forms
for Caring and Sharing Scheme
by Working Family Allowance Office
The office of the Privacy Commissioner for Personal Data (PCPD) today gave the following response on the suspected loss of application forms for the Caring and Sharing Scheme (CSS) by the Working Family Allowance Office (WFAO):
The PCPD today (2 October) received a case filed by the WFAO regarding the suspected loss of 12,000 application forms for CSS. The PCPD was aware that:
-
The WFAO has not confirmed that the said data is lost. Hence the incident has not been confirmed as a data breach incident at this stage.
-
If the said data is confirmed lost, the PCPD would immediately initiate a compliance check to obtain more related facts and details. The WFAO has also mentioned in the filing that it would inform the affected parties and notify the PCPD if the loss is confirmed.
-
It is not mandatory to report data breach incidents under the current law, or to file potential data breaches to the PCPD. It is a good practice for organisations to file a case to the PCPD even when a data breach has yet to be confirmed. The PCPD has previously received such cases filed by other organisations.
-
Before confirming a data breach, organisations can initially conduct internal search within a reasonable period of time. The time needed depends on individual circumstances and the search should be completed as soon as possible.
-
Organisations, regardless whether they are government departments, public or private bodies, must take effective security measures for protecting personal data of customers against unauthorised or accidental access, processing, erasure, loss or use according to the requirements under Personal Data (Privacy) Ordinance (the Ordinance). Failure to do so may constitute contravention of the Data Security Principle of the Ordinance.
-End-