Another senior Octopus executive, Lincoln Leong Kwok-kuen, tepped down yesterday following the privacy-breach scandal. Yet rather than link his departure to the controversy he said it was 'a good chance for someone new to take over'. Leong, the non-executive chairman of Octopus Holdings, who is also the MTR Corp's finance and business development director, said he was retiring and would leave the company at the end of the year. When Prudence Chan Bik-wah resigned as Octopus Cards' chief executive in August, Leong said he would not quit as he could 'best serve the company' by staying on. Octopus Holdings escaped punishment on Monday for collecting excessive personal details on its cardholders and selling the details without authorisation, despite being found by the privacy watchdog to have deceived its reward-card holders. The Office of the Privacy Commissioner found personal data of more than one million Octopus cardholders had been sold to business partners for HK$44 million without cardholders' consent since 2006. Leong, 49, revealed his departure yesterday after announcing a number of remedial measures aimed at shoring up the company's ailing reputation in the wake of the scandal. 'I have served as the non-executive chairman for nine years amid the changing business environment. It is a good chance for someone new to take over,' he said. Leong did not say if he was taking the blame for the privacy breaches, but when asked about privacy commissioner Allan Chiang Yam-wang's finding - that participants in the Octopus Rewards Scheme had been deceived - he said the company had not accepted some of Chiang's comments as they had contradicted its legal advice. However, Leong said Octopus would fully embrace the commissioner's recommendations on ways to improve its data protection policy. Leong will be replaced by former HSBC chairman John Strickland, 70, who helped build the bank over two decades and is a respected figure in the technology business. Wong Kwok-hing, the lawmaker who has been following the issue, said Leong's departure was necessary because Octopus Cards during his tenure had lost its way and deviated from its core business goals. The Hong Kong Monetary Authority said Octopus Card's data trade business dated back to 2002. It shared not only cardholders' names, telephone numbers and identity information, but also their credit card numbers. In most cases, telemarketing sales companies that obtained the information contacted the cardholders posing as a representative of Octopus Cards to sell insurance products; Chiang called such acts deceitful. The commission has received 15 complaints since 2002, three of them are pending further investigation. In May 2007, the commission warned the company to stop collecting the identity card numbers of people that applied for the automatic add-value service upon complaints, but this was not done until recently. Octopus Cards earned HK$57.9 million from the data business over eight years - including the HK$44 million it disclosed and which it has donated to the Community Chest. Leong said it would donate the rest. Octopus Cards has pledged not to resume the data trading business and to remove from the database cardholders' ID numbers and dates of birth, which the commissioner described as excessive information. Its six partners, which had bought such data, will later submit proof that they have deleted the data. The company planned to employ a data privacy officer to enforce its policy and best practices, train staff on the new policy and provide an annual data privacy audit and compliance report, Leong said yesterday. But Octopus would not end its Octopus Rewards Scheme - source of the scandal - because it was popular with its 2.4 million members.