Your data's safe: Octopus vow as scheme returns
The scandal-hit Octopus Rewards scheme restarts today, 10 months after it was found to have sold members' personal data to third parties for HK$44 million.
Company bosses say they have cleaned up their act and will start registering members using a redesigned form to comply with the privacy commissioner's guidelines issued after an investigation.
It vowed that it would not transfer customer data to any third party for direct marketing.
Members will no longer be required to reveal their identity card or passport number and their date of birth.
It will also be optional for them to disclose their monthly income and personal interests.
Terms and conditions will appear in bigger print and a section on personal data collection will be in bold type.
If members do not want to receive marketing offers from the company, they indicate this on the form. However, they will need to check all four boxes of 'e-mail', 'SMS', 'direct mail' and 'phone' to stop all forms of communication.
The company has also hired an officer specialising in data protection.
Federation of Trade Unions lawmaker Wong Kwok-hing said it was a welcome improvement.
'The most important improvement is to show the terms and conditions in a larger font. That can allow members to read through carefully and clearly,' he said.
It was also good that members were no longer forced to reveal their monthly income levels, he said.
Octopus Rewards made the changes after a privacy commissioner's report in October said the company violated three data protection principles, including collecting more data than needed to verify its customers' identities and selling it for monetary gain.
Instead of issuing an enforcement notice, it accepted an undertaking from Octopus that it would, within two months, destroy and erase its members' identity card numbers and birth dates from its data base.
The commissioner found that the personal data of more than 1 million Octopus cardholders was sold to business partners for HK$44 million without the cardholders' consent in the five years from 2006. The scandal came to light in July last year.