Rachel Yeo reports:
A healthcare chain in Hong Kong has shared a database containing the personal information of more than a million customers among several of its member companies without their consent, the privacy watchdog has found, although the business insists strict limits on access were set.
[…]
In response to the individual cases highlighted in the privacy watchdog’s report, EC Healthcare clarified that no data security issues such as leakage by third parties were involved after an internal investigation.
The watchdog launched its investigation into EC Healthcare after receiving two complaints involving four of the member companies. The office said 28 of 39 brands under the healthcare company, including paediatric wellness centre Primecare and cosmetic surgery provider Dr Reborn, had adopted an integrated internal database, which involved the data of about 1.08 million customers.
Read more at South China Morning Post.
You can download the Executive Summary of “Investigation Report: EC Healthcare’s Sharing of Clients’ Personal Data among its Various Brands through an Integrated System:” at https://www.pcpd.org.hk/english/enforcement/commissioners_findings/files/r22_13928_e.pdf