SCMP - Lawmaker urges disciplinary action over ‘unacceptable’ computer security lapses

Hong Kong authorities are under pressure to strengthen cybersecurity measures after a string of data breaches at leading public bodies affected nearly 130,000 people, with a legislator urging disciplinary action against department heads for any future failures.

Lawmaker Elizabeth Quat, who chairs the Legislative Council’s information technology and broadcasting panel, said yesterday civil servants should be held accountable, as such incidents were "unacceptable".

"I think the Civil Service Bureau should task the heads of all government departments and public bodies, as well as those who are responsible for their IT projects, to be accountable and responsible for the security of their computer systems," she said.

"They must ensure that the computer systems have all the necessary security measures and that the privacy of residents can be protected."

Quat said authorities must investigate problems caused by human error and take action against those responsible.

Many cybersecurity failures in government departments were a result of management issues or human error, she said, noting it was not enough to simply rely on the Office of the Government Chief Information Officer to provide guidelines.

"The head of the department that is responsible should have enough awareness and not leave things to chance," she said.

"When their employees make mistakes, they should not try to protect them or let them off the hook easily."

She earlier told a radio show: "If these departments or systems have issues or similar incidents occur again, there should be a punishment mechanism, a person to be held accountable and disciplinary action."