New privacy commissioner Allan Chiang Yam-wang hopes the Octopus Cards saga will prompt other organisations to check whether their protection of personal data is adequate. 'For similar organisations, including companies that collect personal data, government departments and other groups, this can be a good reference for them to review their existing systems and procedures,' Chiang said. They should also make sure the application forms they were using to collect data, their content, format, font size and terms, were clear enough for their clients to realise what they were signing, Chiang said on an RTHK radio programme. One of the complaints against Octopus has been that many users may have signed over the right to use their data without knowing it when they joined a rewards scheme because the conditions were in small print. On Saturday, Chiang's predecessor, Roderick Woo Bun, made 12 recommendations in the interim investigation report on the sale of data to third parties by the Octopus Card issuer. These include obtaining customers' consent on using their personal data in direct marketing and that print on registration forms for the Octopus rewards scheme should be easily readable. Chiang, who assumed duty two days ago, said it was 'very good timing' for him to take over because the Octopus Card row had aroused public awareness of personal data protection. He said that if corporate management was not enough to protect personal information, the commission would introduce legislation. Chiang's team will complete the report on the Octopus Card affair by the end of next month, including whether the card issuer broke any law, which it has insisted it did not. Chiang also praised Octopus Holdings' remedial measures announced on Wednesday night, such as deleting any personal data kept unnecessarily on its database, saying that 'these are very good follow-up measures' and 'proactive reactions'.