"I am particularly disappointed at the tertiary institutions that exposed student data online," he said. "The public had high expectations of tertiary institutes to serve as role models in safeguarding online data privacy as they have more IT resources compared to secondary schools."
While the PCPD has written to inform the Education Bureau of the findings with a request for follow-up actions, it'll also invite the schools to attend PCPD's seminars on data protection and the proper use of IT.
According to the PCPD, the schools have mitigated the breach by removing the data from their websites and requested the relevant web search engine company to remove cache copies from its servers.
Sign up for CIO Asia eNewsletters.