Two government mobile phones containing the personal data of 122 residents in mandatory coronavirus quarantine have gone missing, raising concerns over a potential data breach.

The Office of the Government Chief Information Officer (OGCIO) announced the suspected theft on Wednesday after their staff conducted an inventory check of all 170 phones on Tuesday night.

Customs and Excise Department Headquarters North Point
Customs and Excise Department Headquarters in North Point. Photo: Wikimedia Commons.

The two missing phones were used at OGCIO’s temporary communication centre at the Customs and Excise Department head office in North Point. They were used to ensure persons under compulsory home quarantine remained in their residence through the collection of real-time locations and via video calls.

“A total of 122 persons had been contacted via the two mobile phones for monitoring purposes. Names, telephone numbers, shared locations and photos of these persons but no detailed addresses are stored in the phones,” the OGCIO said.

Mobile phone
Mobile phone. Photo: Pixabay

“The mobile phones are password-protected with information encrypted. The OGCIO has already terminated the communication services of the two phones,” the office added.

First detected in Hubei, China, more than 75,000 people globally have been infected with Covid-19, whilst over 2,100 have died from the disease. Hundreds of arrivals from infected areas are “self-quarantined” in their homes and hotels across Hong Kong, which has seen 65 cases and two deaths.

The OGCIO expressed regret over the incident and apologised to the residents concerned, adding they would step up information security immediately to avoid the recurrence of similar incidents.

The office reminded those affected to remove contacts with the two mobile phones, and advised them to inform the OGCIO and follow up with the Police if they had received any suspicious calls.

Privacy Commissioner for Personal Data

The Privacy Commissioner Stephen Wong had been informed of the potential data breach according to a statement issued by the office of the Privacy Commissioner for Personal Data (PCPD) on Wednesday evening. The privacy watchdog said they would conduct follow-ups and launch a compliance check to acquire more details.

It is not the first time government departments have lost electronic devices which stored personal information. In April 2017, the Census and Statistics Department admitted it lost two electronic tablets containing details of 12 households – involving 46 persons – during the population by-census in the previous summer.

Census officers
Census officers. Photo: GovHK.

It was revealed just days after the Registration and Electoral Office announced that it lost two laptops which contained the personal data of all registered voters.

Under the current Personal Data (Privacy) Ordinance, data users are advised to handle data breach incidents properly by reporting them to the PCPD, yet it is not a statutory requirement. There have been calls for a review of the ordinance, in particular, to study the necessity and feasibility of introducing of a mandatory notification mechanism.

Kelly Ho has an interest in local politics, education and sports. She formerly worked at South China Morning Post Young Post, where she specialised in reporting on issues related to Hong Kong youth. She has a bachelor's degree in Journalism from the University of Hong Kong, with a second major in Politics and Public Administration.