Personal Data (Privacy) Ordinance has always been strictly adhered by Department of Health in handling all personal data and keeping personal data confidential at all times.

Cervical Screening Information System (CSIS) is locked inside a secured room and can only be accessed by staff authorised by Department of Health.

CSIS web servers are protected by two layers of firewall systems to prevent unauthorised access.

Information is encrypted during the transmission and storage of personal data through the Internet between public users and the system.

With the use of 128-bit Secure Socket Layer (SSL) encryption (an online security standard for commercial application), CSIS ensures the security of users' data from unauthorised access.

CSIS will monitor each login attempt. If there are three consecutive login attempts with incorrect password, the online service will be suspended immediately.

In case users forget to logout from the CSIS system, online access will be disconnected automatically after a short inactive period to prevent unauthorised access.

The type of information accessible to a user is safeguarded by tight control mechanisms so that the user can only access to her authorised information.

CSIS will not ask for users' account number, password or any personal information via emails.

A third party had been commissioned by Department of Health in 2005 and 2011 to conduct a Security Risk Assessment and Audit Exercise for CSIS to review the security status of the system and system enhancement had been implemented.