Hong Kong E-Payment Firm Admits Selling Customer Data

[security curmudgeon <jericho () attrition org>]

http://www.zdnetasia.com/hong-kong-e-payment-firm-admits-selling-customer-data-62201697.htm

Hong Kong e-payment firm admits selling customer data
By Eileen Yu, ZDNet Asia on July 29, 2010

Hong Kong's Octopus Holdings has admitted to selling its customers' 
personal information since January 2006 and pocketing HK$44 million 
(US$5.7 million) from doing so.

The e-payment services provider said it sold personal data belonging to 
1.97 million customers to six companies including Cigna Worldwide Life 
Insurance, according to a report from local broadcaster Radio Television 
Hong Kong.

Octopus CEO Prudence Chan, who was speaking at a private hearing with the 
Hong Kong Privacy Commission, was quoted as saying the company has pledged 
not to provide personal data to other companies in future.

Octopus had earlier denied it sold customer data, until it was called up 
by the Commission to testify at an official investigation of the company's 
practices, noted a report by Apple Daily. Chan then retracted the denial.

Octopus' contactless payment cards are used widely by commuters of Hong 
Kong's underground trains operated by MTR, which incidentally owns 57.4 
percent of Octopus shares, and also for various transactions such as 
fast-food outlets and convenience stores.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php