From: security curmudgeon (jerichoattrition.org)
Date: Fri Jul 30 2010 - 13:50:51 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.zdnetasia.com/hong-kong-e-payment-firm-admits-selling-customer-data-62201697.htm

Hong Kong e-payment firm admits selling customer data
By Eileen Yu, ZDNet Asia on July 29, 2010

Hong Kong's Octopus Holdings has admitted to selling its customers'
personal information since January 2006 and pocketing HK$44 million
(US$5.7 million) from doing so.

The e-payment services provider said it sold personal data belonging to
1.97 million customers to six companies including Cigna Worldwide Life
Insurance, according to a report from local broadcaster Radio Television
Hong Kong.

Octopus CEO Prudence Chan, who was speaking at a private hearing with the
Hong Kong Privacy Commission, was quoted as saying the company has pledged
not to provide personal data to other companies in future.

Octopus had earlier denied it sold customer data, until it was called up
by the Commission to testify at an official investigation of the company's
practices, noted a report by Apple Daily. Chan then retracted the denial.

Octopus' contactless payment cards are used widely by commuters of Hong
Kong's underground trains operated by MTR, which incidentally owns 57.4
percent of Octopus shares, and also for various transactions such as
fast-food outlets and convenience stores.

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]