Personal Data Privacy and Information Security

Personal data privacy and information security -- presentation at ISOC's INET Colombo 2011


  • 1. Personal Data Protection and Information Security. INET Colombo 2011, Session II: Making the Internet Safe for Everyone. Charles Mok, Internet Society Hong Kong, 2011.05.23
  • 2. Privacy and Security
    • Internet for all -> more problems?
    • Growing awareness and media attention on personal data protection, privacy and information security
    • Privacy legislation
    • Security vs convenience and openness
    • However, attitudes toward others contrast with attitudes toward oneself
  • 3. Privacy Law in Hong Kong
    • Personal Data Protection Ordinance, enacted in 1997.
    • Enforced by the Privacy Commissioner for Personal Data
      • Issue code of practice
      • Investigate suspected breaches and issue enforcement notices
      • Awareness and education
    • 2010 Review of the ordinance
  • 4. Scope of the Ordinance
    • The Ordinance covers any data relating directly or indirectly to a living individual (data subject), from which it is practicable to ascertain the identity of the individual and which are in a form in which access or processing is practicable. It applies to any person (data user) that controls the collection, holding, processing or use of personal data.
  • 5. Six Data Protection Principles
    • Principle 1: Purpose and manner of collection
    • Principle 2: Accuracy and duration of retention
    • Principle 3: Use of personal data
    • Principle 4: Security of personal data
    • Principle 5: Information to be generally available
    • Principle 6: Access to personal data
  • 6. Incidents – Leakages
    • Public hospitals – staff losing USB thumb drives and other storage devices
    • Police, immigration and fire departments* – leaking personal information and documents over P2P networks e.g. Foxy
    • Banks – losing servers and tapes with customer transaction information
    • Octopus (payment smartcard) – selling customer information to telemarketers and insurance companies
  • 7. Other Recent PCO Actions
    • Google collection of WiFi payload data
    • Google Street View car operation
    • Sony PlayStation Network
  • 8. Emerging Issues
    • Impact of social media
      • Conflicts between openness, freedom and abuse
      • Identity fraud
      • 'Human flesh search' and online bullying
      • Anonymity vs. calls for 'real name system'
        • Example: Korea real name system for online games causing even more personal data leakages?
    • Information security issues
      • SME and zombie networks -> Korean legislation
      • Mobile security
  • 9. More threats
    • What if your information security threat is from your Government?
    • Great Firewall of China
      • From Web 1.0 to Web 2.0 (e.g. Green Dam)
        • Centralizing Internet control under the State Council
        • Moving from servers to personal devices
        • From filtering to surveillance, i.e. government spyware
        • Destabilizing VPN, Gmail and 'Real Name System'
        • Government surveillance on dissidents and their supporters on blocked services such as Twitter
    • A trend for more governments in the world to imitate?
  • 10. Resources
    • Privacy Commissioner for Personal Data
    • HK SAR Government's Infosec public website
    • HK CERT
  • 11. 莫乃光 Charles Mok [email_address]