The Hong Kong Securities and Futures Commission (SFC) has informed the public that it has banned Mr Ngo Wing Chun, a former relationship manager of Hongkong and Shanghai Banking Corporation Limited (HSBC), from re-entering the industry for 12 months from 20 September 2018 to 19 September 2019 for unauthorized transfer of customer data.
The SFC found that Ngo sent an email containing personal data of approximately 995 customers from his HSBC email account to his two personal email accounts on 19 November 2015, his last working day at HSBC.
The customer data leakage was immediately detected by HSBC’s email monitoring system before Ngo joined another bank in a similar capacity the following day. Ngo agreed to delete the email upon HSBC’s request from his personal email accounts. There is no evidence that the customer data had been disclosed to any third parties.
Ngo’s conduct was in breach of HSBC’s internal policies, the Personal Data (Privacy) Ordinance (PDPO) and the SFC’s Code of Conduct.
In deciding the sanction, the SFC took into account all relevant circumstances, including Ngo’s otherwise clean disciplinary record.
This case was referred to the SFC by the Hong Kong Monetary Authority (HKMA).