The Chief Executive of Hong Kong’s main cashless transaction card resigned on Wednesday. It comes after the Octopus Holding Ltd was found to have been selling customer information, without consent, to third parties for millions of dollars. The major privacy breach has called into question the effectiveness of privacy protection in Hong Kong.
Every day, millions of Hong Kong residents use the Octopus cashless cards to buy anything from train tickets, groceries, to parking.
Now the CEO of Octopus Holding Ltd., Prudence Chan has resigned. It comes after she was held responsible for selling private data of nearly two million customers to six insurance companies, without their consent.
The sale of personal data generated $44 million H.K. dollars, or $5.7 million U.S. dollars.
At a forum last Sunday, Assistant Professor of Politics and Public Administration at the Chinese University of Hong Kong, Dr. Wilson Wong, says the current punishment for privacy breaches is not severe enough for it to be effective.
“Recently there’s only been one case of monetary penalty for [privacy infringement], the fine was just a few thousand dollars. But when you think about it, Octopus has sold citizens' private information for $44 million dollars, so a few thousand dollars will not be an effective deterrent."
Law maker Emily Lau says the Hong Kong administration also needs to be held accountable.
“I think the Hong Kong public needs to criticize the Hong Kong government for failing to protect the privacy of the citizens.”
After the privacy debacle, the partly-government owned Octopus says it will delete all non-essential information on customers from its database. It has also pledged to donate the $5.7 million dollars it made from selling customer data to a community fund in a bid to regain public trust.