LCQ16: Protecting government documents taken out
************************************************

     Following is a question by the Hon Lam Cheuk-ting and a written reply by the Secretary for Development, Mr Eric Ma, in the Legislative Council today (May 17):

Question:

     On the 25th of last month, the window of a saloon car for use by the Secretary for Development was smashed and a briefcase inside the car compartment which belonged to the Secretary (containing a tablet computer and a batch of government documents) was stolen while the car was parked at the Hong Kong Science Museum in Tsim Sha Tsui. The authorities subsequently issued a statement that the Development Bureau, after learning about the incident, had forthwith halted the operation of the stolen tablet computer through remote control, and that the stolen documents did not contain personal data of the public. However, some members of the public are worried about lawbreakers exploiting for benefits the confidential or business sensitive information (e.g. Executive Council papers or land planning information) contained in the stolen documents. In this connection, will the Government inform this Council:

(1) among the stolen documents, of the respective numbers of those classified as (i) top secret, (ii) secret, (iii) confidential and (iv) restricted, as well as the number of those containing business sensitive information about land planning, etc.;

(2) whether the stolen tablet computer has been installed with any email software for handling official business; of the respective numbers of documents stored in the tablet computer which have been classified as (i) top secret, (ii) secret, (iii) confidential and (iv) restricted, as well as the number of those containing business sensitive information about land planning, etc.;

(3) whether it has investigated if, in this theft case, the placing of the briefcase in the compartment of an unattended saloon car by the government official concerned has violated the relevant information technology security guidelines; if it has investigated, of the details; if not, the reasons for that; and

(4) whether the authorities will revise the relevant guidelines and take improvement measures to prevent the recurrence of similar kind of incidents; if so, of the details; if not, the reasons for that?

Reply:

President,

     Having consulted the Security Bureau, Innovation and Technology Bureau, as well as Department of Justice, our reply to the four-part question is as follows:

(1) to (3) Regarding the incident occurring in Tsim Sha Tsui on April 25, 2017 where the window of a government car was smashed and a briefcase inside the car carrying a tablet computer and government documents was stolen, the Development Bureau (DEVB) has promptly and successfully deleted all data stored in the computer through remote control that night after the incident. The stolen tablet computer and documents were recovered by the Police on April 26.

     DEVB has reported the theft of the tablet computer and government documents to the Government Security Officer and the case will be handled according to the established procedures. As legal proceedings are in progress, we have no further point to add.

(4) The Government's Security Regulations stipulate guidelines on the handling of classified Government documents, including what to observe when such documents are taken outside office. However, such details should not be disclosed due to security reasons.

     The Government has also formulated a comprehensive set of "Government Information Technology Security Policy and Guidelines", in order to tackle information security threats and cyber attacks of various nature. The Guidelines were reviewed and revised in late 2016 by making reference to the latest international standards and industry best practices, including strengthening the encryption requirement for storage of sensitive information. The requirement has appropriately covered mobile devices.

     We will keep and handle classified documents and mobile devices containing classified information with great care in accordance with the relevant government policies and regulations, including the Security Regulations and the "Government Information Technology Security Policy and Guidelines".

Ends/Wednesday, May 17, 2017
Issued at HKT 11:30

NNNN