An investigation by Hong Kong's Office of the Privacy Commissioner for Personal Data found EC Healthcare failed to obtain consent from clients before transferring their personal data to two brands within its group. "Such practices were disappointing both from the perspective of compliance with the legal requirements or that of respecting clients' wills," Privacy Commissioner Ada Chung said. The PCPD also identified deficiencies in Fotomax's data security measures it said led to a ransomware attack.
17 Nov. 2022
Hong Kong PCPD publishes investigation reports
Related stories
Home sweet home or location, location, location: The best place for your company's privacy office
Transparency, good data and documentation: How HR can navigate the EU AI Act
Mind matters: Shaping the future of privacy in the age of neurotechnology
A view from DC: The FTC's next priorities
Notes from the IAPP Canada: CPS25 highlights privacy, AI, cybersecurity evolution
