By South China Morning Post | Created at 2025-01-09 11:19:56 | Updated at 2025-01-09 21:08:07
9 hours ago
Hong Kong’s privacy watchdog has served a warning letter to the Urban Renewal Authority (URA) for leaking personal details of 199 tenants and owners stored on a cloud platform.
The Office of the Privacy Commissioner for Personal Data issued an investigation report on Thursday and ruled that the urban redevelopment body contravened data laws by omitting key functions in security checks and failing to detect that the data was open to public access.
Ada Chung Lai-ling, the privacy commissioner, said: “The organisations that use cloud computing and cloud service providers have a shared responsibility to safeguard data security in a cloud environment, including the security of the personal data stored on the cloud, and comply with the relevant requirements of the Privacy Ordinance.”
The warning letter came half a year after the URA leaked personal details of 199 tenants and owners who had signed up for briefing sessions in May last year on property acquisition under the Nga Tsin Wai Road-Carpenter Road redevelopment scheme.
The e-form platform used by the URA was associated with the cloud platform ArcGIS Online, but the authority did not realise that personal data could be publicly accessed – without an account or password – until police received reports about the potential leak.
The personal details compromised in the breach included telephone numbers, names, details of ownership or correspondence addresses.
Staff of URA immediately stopped using the platform and deleted all personal data stored on the cloud platform after learning about the leak.
