The personal details of 20,000 people who made complaints about the police in Hong Kong have leaked onto the net. The apparently accidental leak of personal data submitted to Hong Kong's Independent Police Complaints Council (IPPC) has caused a huge flap in the Chinese city.

The database contained full details of complaints made from 1996 to 2004. Information included dates of complaints, the full names and addresses of complainants, details of alleged offences, names and other particular of allegedly bent cops, outcome of complaints and more. The breach was unearthed by webb-site.com, an independent site that monitors Hong Kong's corporate and economic governance.

Its editor, David Webb, reckons that the data might have been disclosed after a contractor working for the police copied a database onto a commercial server, possibly in the course of doing maintenance work. Circumstantial evidence (such as the format the data was leaked in) supports this hypothesis. However Webb's theory remains unconfirmed.

Roderick Woo, privacy commissioner for personal data, launched an inquiry into the mishap before any formal complaint was even received. Webb this week called for an investigation by an independent panel into the bigger issue of data security across all Hong Kong government organisations. ®

Related stories

Home Office coughs to five database breaches (29 August 2006)
US veterans' data exposed after burglary (23 May 2006)
40,000 BP workers exposed in Ernst & Young laptop loss (23 March 2006)
200,000 HP staff exposed as laptop loss party continues (22 March 2006)
Lost Ernst & Young laptop exposes IBM staff (15 March 2006)
FTC settles with CardSystems over data breach (27 February 2006)
Acxiom database hacker jailed for 8 years (23 February 2006)
Strict liability for data breaches? (22 February 2006)
ChoicePoint fined $15m over data security breach (27 January 2006)