On Aug 4, Stephen Wong Kai-yi took office as the Privacy Commissioner for Personal Data (PCPD), succeeding Allan Chiang Yam-wang who completed his five-year term on the day before. In his final article "Bidding Farewell" on the commissioner's blog, Chiang noted that "the pervasive use of new information and communications technologies in today's digital society has enabled the collection and use of personal data with phenomenal ease and efficiency". He added that "whilst creating economic and societal values, it also poses immense risks to privacy and raises serious concerns about the protection of personal data".

I agree with him. In the era of big data, the use of the Internet and smartphones is changing the habit of "sharing" in our lives. Sometimes the private information is so easy to access that we cannot believe it, and privacy protection suddenly becomes more challenging than ever.

Recently, reports of increasing cases of phone fraud, in which criminals pretending to be staffers from Hongkong Post, the Liaison Office of the Central People's Government in the HKSAR, the Personal Emergency Link Service and so on, have attracted a lot of attention. The biggest victim so far is a veteran Chinese soprano, who was duped out of HK$20 million by telephone scammers pretending to be mainland police officers. These blatant phone frauds suggest that leaking personal data is so severe that it simply cannot be ignored.

It is the responsibility of the relevant authorities to strengthen the security of the private data of all residents. Unfortunately, evidence indicates the existence of deficiencies in this aspect. Last month, the Office of the PCPD released a report on a survey of the administration of 10 commonly used public registers maintained by the government. These include the bankruptcy register, the births register, the business register, the companies register, the land registers, the marriage register, the register of notices of intended marriages, the Securities and Futures Commission register of licensed persons, the register of vehicles and the registers of electors. Surprisingly, the PCPD found out that only one (registers of electors) out of the 10 registers has legislative safeguards against misuse of data and only one (the register of vehicles) out of the remaining nine registers provides administrative safeguards. Even worse, because most registers have no discretion to reject data access requests, personal data kept in the registers is easy to obtain.

Take the companies register for example; directors of a registered company are required to provide their residential address and full Hong Kong Identity Card number. And anyone who is willing to pay only HK$40 is entitled to access the personal data of a certain company director. In today's society, where data can be shared through all kinds of media and social networks easily, the cost of accessing someone's private information is lower than one can imagine.

In a society such as Hong Kong where the rule of law is upheld and a transparent legal system is installed, the limited liability of a company director should not include the obligation to make his/her private data available to the public - at least not the detailed data - especially when there has yet to be a comprehensive law to prevent the misuse of personal data.

If the protection of directors and shareholders' personal information is not strengthened, it is putting them, their family members and their property at risk. How can this be justified? It is imperative for the SAR government to carefully study this issue, and strike a balance between upholding the public's right to know and protecting private data.

(HK Edition 08/19/2015 page9)