The Census and Statistics Department says staff members mistakenly uploaded a file on November 3 containing information of individual firms onto its website. It was discovered and deleted six days after it happened.
“Preliminary investigation[s] indicated that this incident involves human error rather than systemic problems and is a rare, isolated case,” a spokesman for the department said.
The spokesman said that – in the course of preparing a file on statistics for regular release through its website – the staff members concerned had mistakenly included another file containing information from 46 firms and uploaded them altogether onto the website. The file contained a 10-year data series on a retail-related data item, though the content did not involve any personal information.
A total of 43 users downloaded the file before it was deleted on November 9, according to the department. The department said it was very concerned about the incident and appealed through its website to those who downloaded the file to delete it immediately.
The notification on the website said: “For users having downloaded ‘Dataset X020 : Dataset on Monthly Survey of Retail Sales’ during 3 to 8 November 2017, please delete the downloaded files and download the updated dataset as replacement. For enquiries, please call 3903 7397.”
It has informed the 46 affected firms about the incident, as well as telling them of the remedial actions and enhanced precautionary measures taken: “The department has also apologised to the affected firms.”
The spokesman said that the department deeply regreted the incident.
The department will now form a working group to review the security measures and procedures for handling data collected from respondents. It said it has reminded staff to strictly abide by the guidelines and implement improvement measures.