Octopus-gate chief exec resigns over private data sale
On her bike
The sale of private data by Hong Kong transport payments firm Octopus Holdings has forced the resignation of chief exec Prudence Chan.
Octopus, which sells cards used by Hong Kong residents to pay for subway and bus fares, has agreed to donate to charity the HK$44m ($5.7m) it made from selling the details of an estimated two million users as it seeks to draw a line under the scandal. David Tang, head of property projects at MTR Corp, a majority shareholder at Octopus, has been appointed as interim chief executive. Chan will remain at Octopus for a six-month handover period, Bloomberg reports.
The transport payment firm sold personal data to six firms without the consent of its customers. Chan initially denied the sale of the data to privacy commissioners but was forced to admit wrongdoing after further evidence emerged. Her dissembling provoked a public outcry and calls from local politicians for her to resign.
Octopus cards are held by the vast majority of HK residents and can be used to buy food at various outlets as well as paying for transportation. Some purchase the cards for cash but Octopus cards can also be recharged using credit cards. In addition, the firm operates a loyalty card scheme. ®
Is Octopus Holdings that hard up for cash?
I understand cultural differences exist between East and West but HongKong is a world city whose residents have similar sensitivities to privacy as most Westerners do but Chan's actions beggar belief.
At least HK Oysters have a cash option unlike some schemes and no doubt this abuse will encourage the use of the cash option.
The only more egregious example I can think of is where a certain large tax preparation company sells transcripts of its clients tac returns to credit bureaus.
This has been a big story here, with additional complications like there being a handover to a new Privacy Commissioner in the middle (end of 5-year term),,,
@JaitcH - I don't see an East/West difference here, HK's privacy law is trailing Europe's (but this incident will make a difference in the current review of the law) but I wouldn't be surprised if a Western executive behaved similarly - to similar public outcry. Octopus doesn't seem to have broken the law, and there are alternatives to giving your personal info: The incident involves the data of 1.97 million who either signed up to the "Octopus Rewards" scheme, or got a "Personal Octopus" card that refills from your bank account automatically when empty, both involved agreements with Terms and Conditions (that the Privacy Commissioner noted you needed a magnifying glass to read). The other ~15million Octopus cards are not linked to personal data.
@Ian Michael Gumby - well, it would be about HK$22 each, but do you treat all the victims equally? Some of the revenue was per signup for insurance.
@Graham Bartlett - You wish. Now, take a cold shower & lie down...
@Mike Moyle - Don't know, but, a year later, do they note their lower profits (due to adverse public opinion) in their accounts and consequently donate less to charity?
Mine's the one with the anonymous Octopus in the pocket.
Even if it's court-ordered...
...do they get a tax-write-off for the charitable donation?