Two Firms Issued Privacy Enforcement Notices
"); jQuery("#212 h3").html("
"); });
2022-11-14 HKT 14:35
The Office of the Privacy Commissioner for Personal Data has issued enforcement notices against a medical service provider and a photofinishing chain, saying both violated the Personal Data Ordinance.
Announcing the results of an investigation on Monday, the office said it took action against EC Healthcare after receiving complaints about four of its centres.
The office said 28 of 39 brands under EC Healthcare, including Primecare and Dr Reborn, have adopted an integrated internal database involving the data of around a million members.
In one case, a complainant who visited a doctor in Primecare was told that her information had been transferred without notice to Dr Reborn, which the doctor had later joined.
Privacy Commissioner Ada Chung called such acts "disappointing", adding that the medical group failed to consult its clients before sharing their data.
"EC Healthcare failed to obtain the relevant consent from its customers before it put their personal data in the internal integrated system for use among the 28 brands. In this regard, I find their practice disappointing," she said.
Chung added that her office will step up monitoring efforts on large healthcare organisations.
Meanwhile, photofinishing chain Fotomax has been issued an enforcement notice following a ransomware attack on the database of its online store.
The incident in October last year affected 544,862 members and 73,957 customers who had made purchases online.
Chung said Fotomax had "serious deficiencies" when handling the matter, such as misevaluating security vulnerability risks and delaying implementation of multi-factor authentication.
"Fotomax lacks the awareness of risks, and it also has serious deficiencies in its information system security, that lead to the hacking event, and that actually is the direct cause of the hacking event," she said.
The office urged companies to conduct regular risk assessments and enhance information systems management to prevent hacker attacks.
How PayMe By HSBC Is Shaping Digital Payment Usage In Hong Kong
The rise of digital payment solutions has significantly transformed Hong Kong’s financial landscape, with consumers i... Read more
Hong Kong Set To Launch Asias First Spot Bitcoin Exchange-Traded Funds
The Securities and Futures Commission (SFC) of Hong Kong is anticipated to announce the approval of the city’s first ... Read more
Hong Kong Unveils Enhanced Anti-Scam Charter 2.0 To Combat Digital Fraud
The Hong Kong Monetary Authority (HKMA) and the Hong Kong Association of Banks (HKAB) have launched the Anti-Scam Consu... Read more
In Asia, E-Wallets Are Fast Becoming The Preferred Payment Method For The People
E-wallets remained popular among consumers in Asia-Pacific (APAC), maintaining their position as the preferred payment ... Read more
HashKey Group Sets Sights On Surpassing Coinbase With Launch Of HashKey Global
HashKey Group, an operator in Hong Kong’s licensed cryptocurrency exchange market, has expanded its offerings with th... Read more
Ant Group Rolls Out International Zones With Global E-Wallets And Card Partners
Ant Group, in collaboration with 11 overseas payment partners of Alipay+ and major international card organisations, la... Read more