The following statement was issued by the The Office of the Privacy Commissioner for Personal Data for Hong Kong:
(13 October 2015) The Office of the Privacy Commissioner for Personal Data (“PCPD”) expresses concern over the possible personal data leakage involving the contactless credit cards issued by banks and commences a compliance check on this issue. PCPD reminds the card-issuing banks to comply with the requirements under the Data Protection Principles (“DPPs”) in the Personal Data (Privacy) Ordinance (“Ordinance”) to ensure the protection of the personal data of the general public. This will greatly enhance the confidence of the general public in using this new technology.
The Data Security Principle may be engaged in this possible personal data leakage.
Data Security Principle
This principle requires the data user to take all practicable steps to ensure the security of personal data and protect it against unauthorised or accidental access, processing, erasure, loss or use.
Depending on the outcome of the compliance check, the PCPD would make appropriate suggestions to issuing banks of contactless credit cards, with a view to assisting them to meet the requirements under the Ordinance and to protect the personal data of the general public.