HK’s privacy watchdog to investigate Cathay Pacific data breach

The Privacy Commissioner announced late last night that his office has launched an investigation into the Cathay Pacific data leak that affected some 9.4 million customers.

A statement published on the watchdog’s website revealed that, as of 5pm yesterday, they have received 108 inquires and 89 complaints relating to the data breach.

At the end of October, the Hong Kong flag carrier revealed that its network had been hacked earlier this year and the personal data of millions of its customers had been compromised.

The airline was slammed by lawmakers for not immediately disclosing the data breach.

Privacy Commissioner Stephen Wong said in the statement that the probe will see if Cathay violated data protection laws and will examine the security measures taken by the airline to safeguard its customers’ personal data as well its data retention policy and practices.

The statement goes on to say that, under the Personal Data (Privacy) Ordinance, the privacy commissioner has the power to summon witnesses, enter premises, compel witnesses to hand over evidence and carry out public hearings during an investigation.

The announcement comes after Wong hit back at criticisms from his predecessor, Allan Chiang, that he had failed to launch an inquiry into the leak immediately after it came to light.

During an interview with RTHK’s Hong Kong Letter on Saturday, Chiang that this was not the first time the privacy watchdog, under Wong,  had failed to investigate companies over cases similar to the one facing Cathay case. Chiang also said that the number of investigations and enforcement notices issued by the commissioner’s office had dropped significantly since Wong took over.

Wong hit back at Chiang’s comments with a lengthy statement published on the privacy commissioner’s website, saying that Chiang’s comments were “inaccurate and misleading”.

The statement says: “Figures of enforcement cases in and of themselves do not speak to the quality of regulatory efforts. As a fair regulatory authority, PCPD [Privacy Commissioner for Personal Data] does not regulate for figures but results. An analogy is that when the crime rate drops, it does not mean that the law enforcement agencies became lax in their crime investigation efforts.”

Leave a Reply


By signing up for our newsletters you agree with our Terms of Service and Privacy Policy
MOST POPULAR