An investigation by Hong Kong's Office of the Privacy Commissioner for Personal Data found EC Healthcare failed to obtain consent from clients before transferring their personal data to two brands within its group. "Such practices were disappointing both from the perspective of compliance with the legal requirements or that of respecting clients' wills," Privacy Commissioner Ada Chung said. The PCPD also identified deficiencies in Fotomax's data security measures it said led to a ransomware attack.
17 Nov. 2022
Hong Kong PCPD publishes investigation reports
Related stories
Notes from the IAPP Canada: Consultation period on CBPR implementation ends 30 June
CPPA Board tees up new consultation on draft ADMT, cybersecurity audit, risk assessment regulations
Ireland's DPC finalizes TikTok decision with potential data transfer ban
A view from DC: Colorado considers re-forging AI guardrails
Biometric promises, regulatory gaps: Why Canada needs a new approach to facial recognition technology
