Media Statements

The Office of the Privacy Commissioner for Personal Data (PCPD) noticed from the data breach notifications recently received from different organisations, including the Electrical and Mechanical Services Department, the Fire Services Department and the Urban Renewal Authority, that in all three incidents, the personal data was stored on the online platform ArcGIS Online (the Platform). The data breach incidents related to the malfunctioning of the login passwords and/or access rights, such that the data stored on the Platform could be accessed without the need to log into the specific interface through the accounts and/or with passwords. Currently, the PCPD has commenced investigations into the aforesaid three incidents in accordance with established procedures. 

More generally, the PCPD reminds users of cloud platforms, including both private and public organisations, which have uploaded their data, in particular personal data, onto these platforms to regularly check whether the login passwords and/or access rights to the relevant platforms are valid to ensure data security. If there is any malfunction of the login password and/or access right with the possibility of a data breach, the organisation should inform the affected data subjects as soon as possible and report the breach to the PCPD (telephone: 2827 2827 or email: dbn@pcpd.org.hk).

 

－End－