Hong Kong privacy watchdog warns data management firm over possible exposure of credit histories of 180,000 people
- Privacy Commissioner Ada Chung says Softmedia Technology Company allowed money lenders access to database for as little as HK$2
- Softmedia claims its database is largest of its kind in Hong Kong, but Chung says it’s not covered by laws governing financial industry
Hong Kong’s privacy watchdog has threatened to take legal action against a data management firm for failing to protect the credit histories of about 180,000 people from unauthorised access.
The Office of the Privacy Commissioner for Personal Data on Thursday said it received a complaint in December 2021 from an individual who found his credit data stored in a database called TE Credit Reference System had been accessed by eight money-lending companies without his consent.
Commissioner Ada Chung Lai-ling said the database’s operator, Softmedia Technology Company, had failed to take sufficient measures to protect the information it stored, which might have allowed users from about 680 money lending firms to access the credit data of roughly 180,000 people without their consent.
“I’m of the opinion that Softmedia has contravened the relevant requirement of the Personal Data (Privacy) Ordinance,” she said. “In particular, Softmedia has failed to take all practicable steps to protect the personal data in the credit reference system against unauthorised or accidental access, processing or use.”
Chung said a notice was sent to Softmedia demanding it establish policies and measures in the next three months to ensure money lending companies had received authorisation from borrowers before accessing their data, as well as reviewing and limiting the number of access to the database by each money lender.