Security Statement
Security Statement
-
While the Internet is not an inherently secure environment for communication, Internet communication can be made safer by the application of appropriate technology. In addition to the firewalls and other sophisticated equipment implemented, the Rating and Valuation Department ("the RVD") also adopts the following measures to protect the Property Information Online (“the PIO”) system, and the information and data contained in it from accidental or malicious disruption or destruction.
Support of Digital Certificates Issued by Certification Authorities
To protect information transferred over the Internet, the PIO supports the Public Key Infrastructure (PKI) implemented by trusted certification authorities. Users would notice from the Uniform Resource Locator (URL) that the Hyper-Text Transport Protocol Secure (HTTPS) was used to access the secured website of the PIO, and a padlock icon would appear in the address bar to the left of the web address once a secured web session is established. By double-clicking on this padlock icon, users may view the details of the digital certificate for the PIO and verify its identity by examining the certification path and certificate status.
Implementation of Secured Online Payment
Online payments supported by the PIO are protected through the Transport Layer Security (TLS) mechanism. Payment details are encrypted under this secure protocol and transmitted to the relevant banks via a secured payment gateway for payment approval and settlement.
Restricted Access to Personal Information
In terms of system access control, appropriate security measures are taken such that access to any personal information submitted through the PIO is restricted to only those authorised members of staff who have legitimate needs to have such access. Also, the use of such personal information is in accordance with the provisions in the Personal Data (Privacy) Ordinance (Cap.486).
PIO subscribers are responsible for keeping their account login passwords confidential. Subscribers are encouraged to change passwords periodically. If a subscriber suspects that his account login password has been maliciously tampered with, please contact the RVD immediately. In the case where a subscriber allows an unauthorized individual to gain access to the account login password, the RVD will not be held responsible for any consequences resulting from this action.