Commissioner Calls For Regulation Over Database Fears

"); jQuery("#212 h3").html("

Related News Programmes

"); });

2023-06-01 HKT 16:03

Share this story

facebook

  • Commissioner calls for regulation over database fears

The Privacy Commissioner has called on the government to regulate credit reference databases after finding breaches by a Kowloon Bay software company put at risk the personal data of some 180,000 people.

The commissioner's office on Thursday said it has served an enforcement notice on the firm Softmedia, whose credit reference system is used by almost 700 money lenders.

The office launched an investigation into the company after a man complained that several firms had accessed his credit data even though he had not given his consent and had never even applied for loans from them.

The complainant said he was informed about the firms' access to his records by another lender who then asked him whether he had recently experienced severe financial difficulties.

The investigation found that Softmedia gave the money lenders almost unlimited access to borrowers' information for a very low fee and that it didn't monitor access to the database.

Passwords for the system could be weak and didn't have to be changed regularly, meaning former members of staff at the lenders could potentially gain access, the commissioner's office added.

At a press conference, Privacy Commissioner Ada Chung said Softmedia – whose clients also include listed companies and government departments – had violated the Personal Data (Privacy) Ordinance and had been ordered to take a number of steps, including imposing restrictions on access to the database and verifying that the money lenders have permission from borrowers to access their information.

Chung also noted that the company's credit reference system is not regulated by any bank or money lender association, isn't covered by any ordinance related to the finance industry, and doesn't have to comply with a code of practice.

"The situation is far from satisfactory," the commissioner said.

She added that to protect people's privacy, the operation and management of credit reference databases should be regulated or supervised through laws, guidelines, industry codes or licensing systems.

"It is of crucial importance that appropriate penalties should be imposed on wrongdoers, that the privacy of borrowers should be adequately protected, and the security of the database should be properly safeguarded."

RECENT NEWS

Fraud & AML In Asia: What Banks Need To Know In 2026

Fraud and AML in Asia have shifted over the past year. Alongside the system-level attacks that continue, panellists poi... Read more

Hong Kongs Total AUM Hits Record HK$42.2 Trillion In 2025

According to the Securities and Futures Commission (SFC), Hong Kong’s total assets under management (AUM) reached a r... Read more

Hyundai Card Leverages Apple Pay To Target Gen Z Users

Hyundai Card launched six new debit and hybrid cards tailored to Apple Pay users in April. The South Korean issuer is t... Read more

DBS And Samsung Securities Partner For Global Wealth Expansion

DBS has signed a MoU with South Korea’s Samsung Securities to establish a strategic partnership in wealth management.... Read more

RedotPay Selects OpenPayd For Treasury Operations And Global Remittances

RedotPay has selected OpenPayd to enhance its treasury operations and cross-border remittance services. The company wil... Read more

JCB Rolls Out Contactless Transit Payments Across Taipei Metro

JCB has rolled out contactless payment acceptance on the Taipei Metro. The integration allows cardholders to tap physic... Read more