Privacy Department Launches Compliance Investigation at Cathay Pacific –


Cathay Pacific Airways (00293) and Dragonair leaked 9.4 million customer data. The Privacy Commissioner's Office for Personal Data issued a press release stating that Privacy Commissioner Huang Jier performed a compliance review after receiving the notification of the Cathay Pacific leak incident. The most recent information is considered to have reasonable grounds to believe that there has been a violation of the law, and today it is decided to conduct a regulatory inquiry into Cathay Pacific and Dragonair in accordance with the Privacy Policy.

Huang Jier said that the compliance investigation will examine in detail the security measures taken by Cathay Pacific in the protection of customers' personal data and the policies and practices of retention of their personal data. The Privacy Commissioner may, in accordance with the powers conferred by the Privacy Act, call witnesses, enter premises, request evidence and conduct public hearings on the incident in the course of a compliance investigation.

He reiterated that it is the established policy and practice of the Office to conduct a compliance review before conducting a compliance investigation. Some commentators have said that after conducting the compliance review, the compliance investigation will be automatically stopped, which is a mistake and irresponsible.

Earlier today, Cathay Pacific responded in writing to the Privacy Commissioner's request for review. The compliance review was launched on October 25, when Cathay Pacific publicly announced and notified the Privacy Commissioner that its personal data from a large number of customers had been accessed without authorization. After considering the latest information obtained from Cathay Pacific, the Privacy Commissioner has decided to conduct a regulatory investigation to verify that the incident violates the requirements of the Privacy Policy.

At 5:00 pm today, the Office of Privacy Commissioner for Personal Data received a total of 89 complaints and 108 queries related to the violation of information.


Source link