The city government of Hong Kong recently ordered officials for Octopus Cards Ltd to cooperate with an investigation surrounding the inappropriate sharing of customer data related to a rewards program for mass-transit fare-payment cards, according to local media reports.

Octopus in early August admitted it had shared the personal data of as many as 1.97 million customers participating in its Octopus Rewards program with six other business partners, without receiving proper consent from customers.

According to reports, Octopus received roughly US$6 million in return for sharing the data. Hong Kong's chief Donald Tsang has asked Octopus to provide a convenient channel for customers to retrieve their personal data from the partners or provide consent to release it to the other companies.

The Hong Kong government also ordered representatives of the Mass Transit Railway Corp., who sit on the Octopus board, to cooperate with investigations the Privacy Commissioner for Personal Data and the Hong Kong Monetary Authority are conducting.

The railway corporation operates the city's mass-transit network; Octopus Card is the prepaid card customers use to pay fares and to make purchases at local convenience stores and restaurants.

Octopus Cards Ltd is wholly owned by Octopus Holdings, whose shareholders are major transport operators in Hong Kong; the railway corporation has the largest stake.

Octopus said in a recent statement that it has appointed consulting firm Deloitte Touche Tomatsu to conduct an independent review of the the company's data-protection policies and practices.

More than 2.4 million customers have registered for the Octopus Card’s rewards program.

Officials from Octopus and the railway corporation declined to comment on the situation.

What do you think about this? Send us your feedback. Click Here.


Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry