Public servants in the Hong Kong Special Administrative Region need to seek prior approval to use personal emails, public cloud storage platforms and web versions of instant messaging applications while using the computers of government at work, starting within the next few months, according to new internal IT regulations.
The latest version of the government’s IT Security Guidelines, updated by the Office of the Government Chief Information Officer in April, specifies that the three types of online services “introduce significant security risks” and that accessing such services in government offices should only be allowed if there is a genuine need and with the approval of heads of corresponding departments and bureaus.
The access should be promptly revoked when no longer required, the guidelines said, adding that departments shall “critically review the necessity of these services by users regularly”.
Government departments and bureaus should also employ technical controls, such as web-content filtering, to prevent unauthorized access to the three kinds of services, the guidelines said.
Under the new guidelines, public servants need to obtain prior approval for using the desktop versions of messaging apps such as WhatsApp and WeChat, as well as logging in to their private email accounts when using government computers.
ALSO READ: $500,000 in ransom demanded as HK's Consumer Council hacked
Replying to inquiries filed by local media, a government spokesperson said using instant-messaging applications on mobile phones provided by the government will not require prior permission.
The spokesperson said the guidelines were updated in April, and all government departments and bureaus must take measures or develop implementation plans within six months to ensure their compliance.
In the face of ongoing cyber threats, all segments of the government should continue to take their responsibilities seriously and implement the updated guidelines, the spokesperson added.
Since last year, multiple government departments and private institutions have experienced an array of data-leakage incidents, prompting the government to update the IT security guidelines and carry out a throughout review of its IT security systems.
Last month, the government merged the the Office of the Government Chief Information Officer with the Efficiency Office to establish a new Digital Policy Office under the Innovation, Technology and Industry Bureau.
READ MORE: HK unveils Digital Policy Office to improve governance, fuel business
Apart from boosting digital applications within the government, the new office has also been tasked with strengthening digital infrastructure and security.
