- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
The Office of the Privacy Commissioner for Personal Data said Monday it has ordered an investigation to probe into the police's recent data leakage incident.
Slideshow: 10 of the Worst Moments in Network Security History
"I am gravely concerned that classified police documents have been repeatedly leaked on the internet through the Foxy file-sharing software," said Roderick Woo, Privacy Commissioner for Personal Data. "In the course of my investigation, I will seek the Police Commissioner's cooperation and ensure that the police will take effective measures to stop personal data from accidental or unauthorized access."
The Commissioner conducted a self-initiative compliance check not so long ago into some similar incidents, said the Office of the PCPD. The Police admitted that some of its officers had used their personal computers which had installed the software in question to prepare police reports, the office added.
According to the Office of the PCPD, the police had previously agreed to take multiple actions for prevention of similar incidents in the future. These actions include:
- setting up a force working group to identify information security risk factors;
- informing the PCPD and affected data subjects of all data breach incidents;
- publishing messages on the Police notice board to enhance data security knowledge, e.g. how to uninstall Foxy software;
- instructing all information systems security managers to conduct checks and inspections on all police terminals;
- reviewing police policies and relevant manuals on information security and data protection;
- setting up a force focus group on personal data protection to advise police officers on the importance of data protection;
- exploring technical solutions to guard against data leak;
- carrying out periodic sanitization and inspection of all police common terminals to remove unauthorized data; and
- promulgating a guideline on how to investigate information security incidents.
The Office of PCPD said it had also conducted seminars for police officers on personal data protection focusing on the legal framework, data protection principles, governance of data protection and data access request.
"To help prevent further harm done to the affected individuals, I strongly urge internet users not to download or disseminate sensitive personal data on the internet after an accidental or unauthorized leakage has become known." Woo said.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment