23

PCPD News

私隱專員公署通訊

•

Issue no. 29

公署的調查指出，香港警務處在兩宗分

別遺失警察記事冊和「定額罰款單」的資

料外洩事故中，未有妥善保護文件中的

個人資料和避免資料意外遺失，違反條

例的資料保安規定（保障資料第

4

原則），

逐發出執行通知，指令警務處訂立額外

的保安程序堵塞漏洞，以及加強監督有

關文件的處理過程。

是次調查的範圍是

11

宗警務人員遺失記

事冊和定額罰單的事故，共涉及

285

名

罪案受害人、證人及疑犯等的個人資料。

私隱專員認為，不論是否涉及違規，這

些事故中的警務人員都有疏忽大意。儘

管人為錯誤不可杜絕，但考慮到涉案的

個人資料性質非常敏感，以及這類事故

接連發生，他建議警務處全面檢討盛載

或運送警方文件用的器材及制服，以防

止個人資料受未經准許的查閱或意外的

遺失；並應加強培訓並設獎勵和紀律制

度，以督促警務人員遵從保障私隱及個

人資料的政策及程序。

他指出：「即使是完備的私隱政策和嚴

格的保安措施，都有可能被個別員工的

鹵莽或粗心大意拖跨。機構應為員工提

供全面的內部培訓，提高保障私隱的意

識。推動整個機構建立一個尊重私隱文

化是至為重要。」

警務處接連遺失載有敏感個人資料的記事冊

The Police Force Warned after Repeated Incidents of

Loss of Notebooks containing Sensitive Personal Data

調查報告：

www.pcpd.org.hk/chinese/

publications/files/R13_0407_c.pdf

The Hong Kong Police Force ("HKPF")

wa s f ound t o have b r eached t he

requirement of the Ordinance relating

to protection of personal data against

accidental loss (Data Protection Principle

4) in two incidents which involved the

loss of police notebooks and a copy

of fixed penalty tickets (“FPT”). The

PCPD has served an enforcement notice

on the HKPF

,

directing it to establish

supplementary security procedures to

plug the loopholes identified, and tighten

up its supervision.

The investigation covered 11 incidents

involving the loss of notebooks and

copies of FPTs by different police

officers, involving the personal data of

285 persons including crime victims,

witnesses and suspects.

Most of the incidents involved negligence

or carelessness on the part of the police

officers concerned. Mr Allan Chiang,

Privacy Commissioner agreed that human

error could not be totally ruled out, but

taking into account the sensitive nature

of the data involved and the frequency

of the incidents, he advised the HKPF

should take the matter seriously and

review HKPF’s equipment and uniform

used for carrying and transporting

police documents in order to prevent

personal data from unauthorised access

or accidental loss. He also urged the

HKPF to step up its training, incentive

and disciplinary programmes to promote

compliance with its privacy policies and

procedures.

“Recklessness or carelessness of a single

employee can undermine sound privacy

policies and robust security practices. It

is of utter importance that organisations

institute comprehensive internal training

and awareness programmes for their staff.

“The HKPF should commit to building

a culture respecting privacy and data

security,” he said.

Investigation Report

：

www.pcpd.org

.

hk/english/publications/files/R13_0407_

e.pdf