An internet security expert has called for firms that put customer data at risk to face tough penalties, saying government intervention is needed to protect the public.
The comments by Michael Gazeley from the internet security firm Network Box came after the Ming Pao newspaper reported it was able to obtain the credit information of Chief Executive Carrie Lam and Financial Secretary Paul Chan by simply using information that was available in the public domain.
The newspaper said it had managed to pass security checks on the website of credit worthiness evaluating firm, TransUnion, by putting in the two top officials' HKID card numbers and answering a few simple questions. The data the papers obtained included telephone numbers, addresses, loans, and overdue payments.
The reports also said the same lax web security was seen in other TransUnion partner websites.
Gazeley said some companies are putting the customer data at risk through negligence.
He said despite major data breach in recent times like those involving HSBC and Cathay Pacific, companies are just putting their head under the sand and refusing to take responsibility.
"We need to collectively, as the public, stand up and demand perhaps that the government do something now," he said.
"I am not a big fan of the government intervention normally. But I am beginning to realise that unless the government does something, if you leave it up to individual companies, we the public are not going to be protected," Gazeley said.
He told RTHK's Janice Wong that tough measures like what some European governments have implemented – fining up to 4 percent of global revenues – should be brought in.