The decision has nothing to do with privacy scandal, says Leong

A day after the company which he heads was blasted by the Commissioner of Privacy for Personal Data for violating the privacy of its customers, Lincoln Leong announced he is stepping down as non-executive chairman of Octopus Card Holdings Limited (OHL).

He says, however, his decision has nothing to do with the privacy scandal that has blackened the reputation of the company. He says he merely wants to enter a natural and pure retirement after nine years with Octopus. He begins that retirement December 9.

Leong promised the company would fulfill its undertakings to the Privacy Commissioner concerning the resale and transfer of private data. The OHL, the monopoly operator of electronic money, reaffirmed that it ceased data transfers on July 25, 2010.

"We had stopped personal data transferring to third parties, and we have no plan to restart the business at this moment," said Leong. However, the chairman declined to promise "never to conduct data transfer in the future".

Leong also said the Octopus Rewards program would continue but under tighter restrictions over the private information of subscribers.

Reminders were sent by the OHL to 2.4 million Octopus Rewards members, advising them how to opt out so as to assure that they do not receive further unwanted sales solicitations. About 30,000 members have sent in opt-out request and surplus data relating to those members has already been deleted. For those who didn't submit the "opt-out application", data will be retained by the OHL for its own business use, according to the company.

Octopus has already received confirmation from all six of its marketing "partners" that the private information had been deleted or is in the process of being returned to Octopus.

The Octopus Rewards scheme, though under a heated controversy, will continue.

"We will continue the Octopus Reward business as many members welcome the business, and the whole Rewards scheme will not be included in data transaction to a third party for marketing purposes," explained Leong,

New registration forms for the Octopus Reward scheme with tightened personal privacy measures are still being devised to reflect the latest cross-industry guidelines issued by the Office of the Privacy Commissioner for Personal Data (PCPD) on Monday. Personal information, including Hong Kong ID card number or passport number and month and year of birth, will be deleted form the Octopus Rewards database as suggested in the PCPD guideline. Meanwhile, personal mobile numbers, which are the most sensitive personal information making customers unwittingly vulnerable to third party marketers, will remain in the database exclusively for use by the OHL to confirm personal identity.

What's more, in response to the reports of Hong Kong Monetary Authority and the Special Committee appointed by the Board of the OHL, Octopus promised to delete non-essential personal data from its database and ensure those records are stored for a period of time no longer than necessary. Yet no exact timeline has been made public.

The sale of personal data making cardholders the targets of marketing companies, had generated HK$57.9 million revenue for Octopus since 2002. HK$44 million of the total HK$57.9 million revenue had already been donated to the Community Chest in August 2010. The remaining HK$13.9 million will be donated to the same charity in the future. No compensation will be given to the affected customers.

China Daily

(HK Edition 10/20/2010 page1)