Dec 052013
 December 5, 2013  Posted by  Breaches, Business, Laws, Non-U.S.

Ng Kang-chung reports:

Fitness centre chain California Fitness has been rapped over the knuckles by the privacy watchdog for putting at risk the personal details of 220,000 customers who have signed up for its exercise courses.

An investigation by the Office of the Privacy Commissioner for Personal Data, prompted by two complaints in 2011, found California Fitness had breached privacy law by asking customers to supply too much personal information – including their dates of birth – and storing photocopies of members’ identity cards.

The watchdog warned that any leak of the information could have resulted in serious identity theft.

California Fitness argued that copies of ID cards were needed to calculate staff commissions from memberships, and that they asked for dates of birth so they could make birthday offers to members.

Privacy Commissioner Allan Chiang Yam-wang, who released the investigation report on Thursday, dismissed the centre’s arguments as “ridiculous”. “Customers have no responsibility to help the company in its staff remuneration system,” said Chiang, adding that collecting members’ age range or month of birth should be enough for birthday promotions.

Read more on South China Morning Post.  You can read the Commissioner’s summary of the case here and access the full report here (pdf).

Sorry, the comment form is closed at this time.