Medical entrepreneurship can bring diversity and competition to the health care market. But if it is abused it can undermine public trust. An example is a medical centre that has been condemned by the privacy watchdog for collecting personal data from more than 360,000 people and selling it to an insurance broker for direct marketing purposes. Once again the lesson of the Octopus Card scandal three years ago has either not sunk in or been ignored. Octopus confessed to selling the personal details of more than a million customers to business partners, and later tried to make amends by donating the HK$44 million profit to charity. After that, you would at least expect personal data to be safe with a bank, and not to be sold commercially for uses unrelated to banking. But within a year the privacy commissioner revealed that four banks had done precisely that.
In the latest case, Privacy Commissioner Allan Chiang Yam-wang said the Hong Kong Prevention Association made cold calls offering people the chance to join a free medical check-up scheme without explaining clearly that their data would be transferred to Aegon Direct Marketing Services Insurance Broker. The data had been collected in a misleading and arguably deceitful way, including a claim of government endorsement. Over the past two years Aegon had paid HK$10 million for it and for simple kidney checks undertaken by fewer than half the people called.
Chiang said the callers had spoken "very fast" about Aegon's role, which is akin to the fine print in a sales agreement or contract that many of us do not read closely enough. The Octopus Card case prompted amendments to the Personal Data (Privacy) Ordinance which took effect earlier this month, making it a criminal offence if companies fail to ascertain that customers have no objection to the use of their personal data, or fail to disclose the type of data to be used. Consumers concerned about privacy should heed Chiang's advice to keep copies of their requests to opt out of direct marketing.