Privacy commission slams sale of personal data to insurance broker
Health centre's telemarketers used promise of check-ups to gather personal data, and then sold it to insurance broker as marketing tool
The public watchdog condemned a medical centre for collecting personal data from more than 360,000 people and selling it to an insurance broker for direct marketing purposes.
The Office of Privacy Commissioner for Personal Data yesterday revealed that the Hong Kong Prevention Association (HKPA) made cold calls to people, offering them a chance to join a free medical check-up scheme and asking them for personal data. The callers claimed the checks were endorsed by the government, which was not true.
They also failed to explain clearly that the data would be transferred to Aegon Direct Marketing Services Insurance Broker, for use in direct marketing activities.
Aegon Direct paid for the information, which used it for promoting insurance products.
Privacy Commissioner Allan Chiang Yam-wang said the data was collected in a misleading and arguably deceitful way. He said the insurer was also accountable as it had approved scripts used by the association's telemarketers.
"Such irresponsible and recalcitrant behaviour must be condemned," he said.
Chiang said the commission had received 11 inquiries and five complaints about the matter. It investigated three complaints. It found that the association had signed an agreement with Aegon Direct to sell data from at least 2,000 people every month.
Over the past two years Aegon Direct paid more than HK$10 million for the data obtained from 363,830 people and for any medical check-ups they had. In the end, about 168,000 people undertook simple kidney checks.
Chiang said callers had slurred through almost 400 words in one minute when it came to explaining how the data would be passed to Aegon Direct.
"Once they mentioned the role of Aegon Direct, they would speak very fast. They only emphasised the free body check throughout the call," he said. The commissioner ordered the insurer to destroy all the data obtained from the HKPA, except information about those who had bought insurance, by the end of September. Failure to do so would be a criminal offence.
Aegon Direct said it had never authorised the association to say its promotional campaign had been endorsed by the government. The HKPA did not respond to Post inquiries.
Meanwhile, the commission also found that the way the MTR Corporation handled its CCTV footage was not good enough. It stored some footage longer than required and failed to use an encrypted device to transfer it.
The MTR, which has 3,342 CCTVs installed at stations and 429 on trains, said it would study the recommendations.