The Office of the Privacy Commissioner for Personal Data (PCPD) today published an Inspection Report on the personal data system of the Registration and Electoral Office (REO).
Since 2017, there have been repeated data breach incidents relating to the personal data held by the REO. Each of the incidents attracted considerable media attention and criticism from the public. Against this background, the Privacy Commissioner for Personal Data (the Privacy Commissioner), Ms Ada CHUNG Lai-ling, invoked the power vested in her under section 36 of the Personal Data (Privacy) Ordinance (the Ordinance) to carry out an inspection to review the personal data system of the REO, with an aim to strengthen the protection of personal data in the possession of the REO and prevent the reoccurrence of similar incidents in the future.
The findings of the inspection reveal that the REO has made significant efforts to implement a Personal Data Privacy Management Programme and has built a robust infrastructure to protect personal data privacy, which is supported by an ongoing review and monitoring process to facilitate compliance with the requirements under the Ordinance. The compliance standard of the REO in terms of data protection is expected to be further stepped up, considering its implementation of the recommendations made by the Office of the Government Chief Information Officer in a review report and its continuous compliance with the PCPD’s enforcement notices relating to the two data breach incidents in 2022.
The Privacy Commissioner has also made ten recommendations to the REO in the report to enhance the security of the personal data held by the REO.
In addition, the Privacy Commissioner strongly encourages the REO to continuously strive to instil and maintain a strong culture of data protection among all staff members to better protect the privacy and security of the personal data of its stakeholders and demonstrate its commitment to good data governance and building trust with members of the public.
Please click here to download the “Inspection Report: Personal Data System of the Registration and Electoral Office”.