Private data is still going astray in Hong Kong. On July 3, HSBC, the largest bank in Hong Kong, reported the loss of a back-up digital tape on its DHL security journey from Guangzhou to Hong Kong, resulting in the 25,000 recorded phone calls going missing.
The missing back-up tape, which embarked on its journey at the banks group service centre in Guangzhou, reportedly contained stored phone calls recorded from April 18 to 24, mostly related to credit card inquiries, business Internet banking for commercial banking customers and general outbound calls to customers.
Why? Why would a bank dispatch back-up digital tapes from its Guangzhou service centre to Hong Kong via courier service? Wouldnt data transmission be safer, faster, or cheaper?
Talking to another Hong Kong bank CIO yesterday, I found that he was just as puzzled by that archaic arrangement.
This whole magnetic tape [back-up practice] has been around for years, for generations. The world has moved on so far from that, we are in the iPod age already, and you still have tapes! he said.
At his bank, he is trying to get rid of it [back-up tapes], he said.
At least the transportation of the tapes must be stopped.
For several times, during the interview, this bank CIO in Hong Kong reiterated the difference between transPORT and transMIT.
He said: With the abundance of bandwidth, telecommunication links, would you still think about a security courier to actually transport tape, to physically drive from one point to the other. When you have data communication network and abundant bandwidth at a very much affordable cost, why can you not just simply transmit instead of transport [data]? Tight traffic during the daytime for back-up data transmission is not an issue, as banks can well utilize their idle bandwidth at night when the branches are closed, he said.
This makes a lot of sense. But, will there be other network security concerns to worry about along data transmission?
Hey, come on! You are doing that during the day already. You are doing that during the day for the live data, said the bank CIO. And the network by default, is secure! Otherwise you wouldnt use the network during the day for the transactions. If your network is in trouble, youd better fix it! Otherwise during the daytime, during the office hours, youd better not use the network at all then!
Its the same case in network. Its an internal network, not a public network. You are not transmitting the data through the Internet. Youre transmitting it through your internal network. And that is by default, secure. Otherwise, you wouldnt pass the HKMA [Hong Kong Monetary Authority] anyway. These auditors come in through the doors five times a year.
Whether we are in the iPod age or the iPhone age, it doesnt make much sense to see ongoing privacy incidents happening in Hong Kong, where the HKSAR government boasts to be the financial hub of Asia.
Sign up for CIO Asia eNewsletters.