More Information
- New data safeguards urged for hospitals
- Immigration Department Learns Information Security Management Basics
- Data Leak Disease
- Privacy report: HK Hospital Authority must raise staff's data privacy awareness
First published: 31st July 2008
Mr. Roderick B. Woo, J.P., Hong Kong's Privacy Commissioner for Personal Data, has made 37 recommendations for improving the protection of personal data to the Hospital Authority after his team inspected the Authority's systems following widely-publicised leaks revealed in April and May 2008.
The main recommendations will come as no surprise to information security practitioners, and include not using the Hong Kong ID card number as an identifier, or encrypting it, limiting the period of data storage, monitoring staff access, and regulating the use of portable storage devices. More importantly, Mr. Woo acknowledged the Authority's purpose, saying "The primary duty of the hospitals is to save lives. What we have done is to list out practical recommendations for the hospitals with regard to our concern for personal data privacy". He also recommended consolidation of the present multiple policies, "We find confusion caused by a profusion [of security policies]".
This is a busy time for the Commissioner, just last month he was making recommendations to the Immigration Department.