Independent auditors submit to the Monetary Authority interim findings in the section 59(2) report on Octopus Cards Limited

18 Oct 2010

The Hong Kong Monetary Authority (HKMA) announced today (Monday) that Deloitte Touche Tohmatsu (DTT), the independent auditors, have submitted to the Monetary Authority their interim findings in the report on Octopus Cards Limited (OCL) commissioned under section 59(2) of the Banking Ordinance (the "interim report").

The purpose of the section 59(2) report is to independently find out and assess OCL's processes and practices for the handling of Octopus cardholders' personal data in the light of the concern about the Rewards Program operated by Octopus Rewards Limited. The scope of the review includes, among other things, establishing which third parties had received from OCL Octopus cardholders' personal data and what personal data was passed to these third parties; establishing what policies and procedures were in place to govern the sharing of such personal data; establishing what due diligence OCL performed before sharing such personal data with third parties; and making recommendations to enhance the effectiveness of data privacy protection in OCL.

DTT found that a total of six entities had received Octopus cardholders' personal data from OCL and other members of the Octopus group for direct marketing activities. No transaction data of Octopus cardholders was transferred to these six entities. The names of these entities are the same as those made public by Octopus Holdings Limited on 29 July 2010.

DTT have also reviewed the documents, internal policies, procedures and guidelines on data security and privacy adopted by OCL, and confirmed that:

  • OCL Management sought in 2002 legal advice to ensure compliance with applicable laws and regulations including the Personal Data (Privacy) Ordinance (PDPO) before OCL first started sharing Octopus cardholders' personal data with third parties for marketing activities.
  • OCL Management informed its Board in 2002 about the development of business initiatives concerning the use of Octopus cardholders' personal data, and that legal advice had been taken to ensure that the program was in compliance with the PDPO.
  • OCL conducted periodic onsite compliance checks on business partners to assess their systems of control in relation to data security.
  • OCL conducted internal audits periodically covering, among other things, compliance with the PDPO.

DTT also noted a number of communications during the period from early 2004 to August 2010 between the Office of Privacy Commissioner for Personal Data (PCPD) and the Octopus group relating to the group's handling of personal data, covering, among other things, how consent was obtained from cardholders, the arrangement for sharing personal data with unrelated third parties for direct marketing purposes and the types of personal data shared with these third parties, and the actions taken by the group in response to the PCPD's concerns raised in these communications.

Based on their findings, DTT have proposed a number of recommendations, among other things, to enhance OCL's systems of control in the collection, storage and retention of customers' personal data, and the due diligence and controls in the sharing of such data with third parties should OCL carry out similar business activities in the future.

The HKMA has published in full the interim report given the recent concern about the handling of Octopus cardholders' personal data (attached). The HKMA has also sent a copy of the interim report to the PCPD for reference and appropriate action. When the outcome of DTT's final report on OCL is available, the HKMA will consider the most appropriate follow-up action. Among other things, the HKMA will require OCL to implement the recommendations in the reports and will monitor its progress in liaison with the PCPD as appropriate. The HKMA also understands that the PCPD will shortly issue its final report on Octopus. Taking into account any new recommendations and guidelines on the collection and use of personal data, we will liaise with the banking industry to ensure that banks will follow the latest standards set by the PCPD.

DTT expect to complete the field work shortly and to submit a final report to the HKMA thereafter. The HKMA will set out the findings of the final report in an appropriate form for public information.

For media enquiries, please contact:
Anissa Wong, Manager (Communications), at 2878 1802 or
Natalie Wu, Officer (Communications), at 2878 8246

Hong Kong Monetary Authority
18 October 2010

Last revision date : 18 October 2010