Hong Kong Laptop Security: Immigration Department, Airport Division, Reports Theft Of Three Laptops.

The Immigration Department at Chek Lap Kok airport (officially known as Hong Kong International Airport.  Chek Lap Kok is the name of the island on which the airport is built.  And, yes, there is a joke in there for English speakers) has reported the theft of three laptop computers owned by the government body.

The good news for Hong Kongers is that the information was limited to foreign nationals.  For everyone else, the good news is that the stolen devices were protected with laptop encryption software like AlertBoot.

Taken from Easily Accessible Room

The personal data on 3,000 travelers were reported as stolen on Wednesday, October 17.

The use of encryption software made sense for a number of reasons.  First, there is the fact that personal information was being collected.  While it’s not being revealed what type of information was lost in the “data breach” (in quotes because, let’s face it, no one is getting to that data without the correct username and password), seeing how they scan passports at airports, I imagine name, age, sex, country of origin, flight information, my picture, and other details would be have been stored.

Second, the laptops were being stored in “the immigration control duty room which airport staff and tourists can easily access” (my emphasis, thestandard.com.hk).  If computers holding sensitive data were being stored in such an easily accessible location, the use of encryption is even more necessary.  (scmp.com reports that the “office room…would be locked whenever staff members left” so it’s not as bad as some publications are making it sound).

Privacy Commissioner Notified

Despite the use of encryption, the Privacy Commissioner for Personal Data was notified of the laptops’ theft.  Furthermore, the Immigration Department has implemented new security measures to ensure the incident does not recur.

Things are in a bit of flux in Hong Kong.  Last year, the Privacy Commissioner has stated that companies are not required to report data breaches to his office.  This is, in fact, still reflected as of this post in the Hong Kong Data Breach Notification Form found at pcpd.org.hk.  Later in that same year, the Hong Kong legislature passed a bill for extending personal privacy rights, although it had more to do with Big Data usage issues than theft or loss of big amounts of data.

Related Articles and Sites:

Comments (0)

Let us know what you think