The eight data security incidents:
1. The doctor of a medical diagnostic centre did not log out of the system before leaving the examination room; patients information is exposed.
2. A tour guide distributed group electronic flight tickets to tour members however expose personal data of all tour members
3. When handling a complaint about parking matter, a security guard disclosed the complainant’s phone number to another carpark tenant.
4. A medical institution failed to properly apply the appropriate setting in the “View Summary of Responses” function during the collection online that expose personal data of over 100 registrants.
5. A government department did not follow the established procedures in folding letters expose the complainant’s HKID card number visible through the envelope window.
6. An insurance company printed documents on recycled papers, which were obsolete resumes and HKID card copies & exposed personal data.
7. A retailer sent a promotional email to its members but sent to all members (1000) in the recipient field & all emails are exposed.
8. Owing to a wrong script applied to the membership accounts system of an airline company, account information is exposed to other members.
Data security pitfalls may lie in any single procedure of work. PCPD makes six recommendations to organisations of all sectors:
1. Incorporate the protection of personal data privacy into the core values of the organisation
2. Enhance the awareness and capabilities of employees to protect privacy through training
3. Develop clear and easy-to-understand work guidelines
4. Adopt technical security measures
5. Regularly monitor, assess and improve compliance with data security policy
6. Develop a comprehensive data breach response plan