Hong Kong electoral officials have been slammed by the south Asian city state's data protection regulator after it failed to prevent the theft of laptops containing the information of all of Hong Kong's 3.7 million voters.
The theft was noticed the day after the election when officials from Hong Kong's Registration and Electoral Office (REO) went to pack up an election venue and found two laptops missing. The data on those stolen laptops included information about the members of the election committee as well as all of Hong Kong's registered voters including names, addresses and the numbers of their ID cards.
A report released on 12 June claimed that the REO failed in its basic duty to protect personal data. The Privacy Commissioner has served the REO an enforcement notice, urging it to the plug the oversights that allowed the theft to happen.
Shortly after the March theft, an anonymous source told the South China Morning Post that that theft may have been an inside job. The two stolen computers were not valuable and were kept in a storeroom which required a passcode known only to a handful of people.
Members of the REO had previously said that the reason they kept all the information on a laptop was for the purposes of cross-checking that information with that of members of the Election Committee. Moreover, because they had encrypted some of the information, the REO officials reasoned that a leak would not be likely.
"We commend the Privacy Commissioner for publishing the report and recommendations, which the REO should begin to implement immediately,” Privacy International policy officer Lucy Purdon told SC Media UK.
Often, added Purdon, companies and governments will use systems that store massive amounts of data, with little regard for security: “Many people are left vulnerable to excessive data being collected on them and that data is poorly secured and ultimately stolen.”