Conviction against a
credit card company
1. A credit card company (the Company) was
convicted of two offences under section 34(1)(ii) and section 64(10) of
the Personal Data (Privacy) Ordinance (the Ordinance) today (13 August)
in the Eastern Magistrates’ Courts. The Company pleaded guilty to
both summonses and the magistrate imposed a fine of $3,500 for each
summon, which made a total fine of $7,000.
2. Mr. Roderick B Woo, the Privacy Commissioner for
Personal Data, said: “This is the third conviction of its kind this
year and serves to bring home a strong message that malpractice in
handling personal data simply will not be tolerated by the
courts. In using personal data for direct marketing purposes,
commercial organizations must strictly abide by opt-out requests made
by people whom they approach, for this is the law.”
3. The complainant was formerly a credit card holder
of the Company but cancelled the card account sometime in
2002/2003. Thereafter, the Company sent several direct marketing
mails to the complainant. In October 2005, the complainant made
an opt-out request to the Company by telephone. However, the
complainant continued to receive direct marketing mail from the
Company. The complainant lodged a complaint to the Office of the
Privacy Commissioner for Personal Data (“the PCPD”) in January 2006.
4. Having learned that the complainant had made a
complaint to the PCPD, the Company sent a letter of apology to
him. The Company also agreed to process the complainant’s opt-out
request by removing his data from their mailing list.
Notwithstanding these, the complainant still received marketing mails
from the Company on 15 January and 3 February 2007 respectively.
5. Consequently, the Company was summonsed for two
offences under section 34(1)(ii) of the Ordinance, which requires data
users to cease further contact with the individual if the individual
chooses to opt-out. Contravention of section 34 of the Ordinance is an
offence under section 64(10) of the Ordinance.
Back
to top