Ambrose Li reports:
The local arm of international charity Oxfam violated the data protection law following a leak in July that potentially affected 550,000 people, Hong Kong’s privacy watchdog ruled in an investigation report on Thursday.
[…]
“The privacy commissioner considered that Oxfam had not taken all practicable steps to ensure that the personal data involved was protected against unauthorised or accidental access, processing, erasure, loss or use,” commissioner Ada Chung Lai-ling said in the investigation report about the leak in July last year.
[…]
The investigation found that outdated firewalls containing critical vulnerabilities, failure to enable multi-factor authentication, prolonged retention of personal data, and the lack of specificity of its information security policy were among the reasons that contributed to the breach.