Andy Lau updates us on the Octopus breach:
Octopus Rewards Limited violated the principles of personal data protection by collecting and using customers’ personal data under the Octopus Rewards Program, Privacy Commissioner for Personal Data Allan Chiang said on Monday.
In his investigation report on the issue, Chiang said the company collected excessive and unnecessary personal data, and did not take appropriate measures to inform customers where their personal data will be transferred to. The company also sold the data to its business partners without obtaining customers’ clear and voluntary consent.
He said Octopus Holdings should bear the legal responsibilities for the incident because Octopus Rewards is wholly owned by it, and the former approved all the activities under the rewards program.
Chiang decided not to issue an enforcement notice to Octopus because the company pledged not make the same mistakes again.
Read more on International Business Times.
Related: The Collection and Use of Personal Data of Members under the Octopus Rewards Programme run by Octopus Rewards Limited (Report Number: R10-9866; Date issued: 18 October 2010; 11.36MB, 68pp)