Government notes PCPD report on Cathay Pacific data breach incident

image_pdfimage_print

    In response to media enquiries on the Privacy Commissioner for Personal Data (PCPD)'s report released today (June 6) on Cathay Pacific Airways Limited (Cathay)'s data breach incident, a spokesman for the Constitutional and Mainland Affairs Bureau made the following response:

     "The Government noted that the PCPD had concluded that Cathay had, inter alia, not taken all reasonably practicable steps to protect the affected passengers' personal data against unauthorised access in terms of vulnerability management, adoption of effective technical security measures and data governance. In this connection, the PCPD has ordered a series of enforcement actions. Cathay is urged to take immediate remedial actions accordingly.
 
     "The PCPD pointed out in its report that there is no statutory requirement for data breach notification at the moment. This will be taken into account when the Government develops proposals to update the Personal Data (Privacy) Ordinance. The Government will work closely with the PCPD and consult stakeholders, including the Legislative Council, along the way."

Leave a Reply

Your email address will not be published.