Privacy watchdog probes Manulife

PUBLISHED : Thursday, 12 May, 2011, 12:00am
UPDATED : Thursday, 12 May, 2011, 12:00am


Hong Kong's privacy watchdog is looking into allegations insurance giant Manulife is asking customers to agree to revised online terms that appear to breach guidelines issued in the wake of the Octopus card details-for-sale scandal.

Customers say they have not been able to check their Mandatory Provident Fund accounts with the firm online unless they click 'accept' on an option which allows Manulife to transfer customers' personal data 'to promote financial-related products or services ... through intermediaries or direct marketing'.

Manulife says it has not sold any personal information to third parties and that customers can opt out at any time. The insurance giant operates more than a million MPF accounts.

The Office of the Privacy Commissioner moved to tighten rules after controversy over the sale of customer data by the company that operates the Octopus Card system. The company, Octopus Cards, denied selling data but later admitted it had made HK$44 million by selling details of about two million cardholders.

Manulife customer Yung Suet-hung said: 'It is very suspicious that they forced me to agree to the terms.' She said she did not realise her personal data might be transferred to a third party when she signed up for Manulife's MPF service. She did not have the choice to reject any terms as her employer chose the firm to be trustee of her account.

Manulife's login page advises customers to check terms and conditions regularly.

Civic Party legislator Ronny Tong Ka-wah said Manulife's practice appeared to go against the social consensus on privacy protection. A spokeswoman for the Office of the Privacy Commissioner said it was looking into the matter.

Manulife is not alone. The website of another insurer, Fidelity, carries a notice in which is embedded a link to its privacy policy suggesting customers' data might be passed to a third party for marketing purposes. Fidelity could not be reached for comment.

In October, following the Octopus scandal, the government proposed tightening the privacy law by criminalising sale of personal data.