PCPD has uncovered a significant data breach involving EMSD, affecting over 17,000 individuals who were subject to 14 compulsory testing during the pandemic from March to July 2022, including names, addresses, identity card numbers, and phone numbers.
This incident highlights four major deficiencies in the EMSD’s handling of personal data.
1. Lack of written policies on the retention of personal data collected in the RTD operations.
2. Failure to make unequivocal request to the contractor for deletion of the relevant data.
3. Failure to take the initiative to delete the personal data involved.
4. Failure to properly follow up with the contractor on the deletion of data.
Investigation report: https://www.pcpd.org.hk/english/enforcement/commissioners_findings/files/r24_06502_e.pdf