Page:Unauthorised Access to Credit Data in the TE Credit Reference System.pdf/2

Investigation by the Commissioner

5. After making preliminary inquiries, the Privacy Commissioner for Personal Data (the "Commissioner"), in accordance with Section 38(a)(i) of the Personal Data (Privacy) Ordinance (the "Ordinance"), commenced an investigation regarding the subject complaint into the TE Credit Reference System operated by Softmedia.
6. During the investigation, the Commissioner wrote to Softmedia on six occasions and received written replies and relevant documents from them. PCPD staff had also visited Softmedia's Kowloon Bay office, made inquiries with the representatives of Softmedia and obtained information pertinent to the case from the company.
7. The Commissioner noted that Softmedia was not one of the credit reference agencies^[1] shortlisted by the Hong Kong Association of Banks, the Hong Kong Association of Restricted Licence Banks and Deposit-taking Companies, and the Hong Kong S.A.R. Licensed Money Lenders Association Limited (collectively "Industry Associations") under the Multiple Credit Reference Agencies ("MCRA") Model. Thus, it is neither regulated by these Industry Associations^[2] nor by ordinances related to the finance industry, such as the Money Lenders Ordinance (Chapter 163, Laws of Hong Kong) or the licensed money lenders' code of practice.

Findings and Contraventions

Background of Softmedia

8. According to Softmedia's website^[3], Softmedia was established in 1991 and focused on database establishment and interactive CD-ROM design. As network operating systems rapidly grew, Softmedia developed various new-generation software management systems for clients in fields such as loans, beauty salons, education, and retail, etc. Softmedia's clients included government departments, listed companies and small and medium-sized enterprises in various industries.