Privacy Commissioner's Report Affirms ZA Bank's Customer Data Protection Measures

The Office of the Privacy Commissioner for Personal Data (PCPD) has published an inspection report on the customers’ personal data system of ZA Bank, the first virtual bank in Hong Kong.

ZA Bank was granted a virtual banking license by the Hong Kong Monetary Authority in March 2019 and became operational in March 2020.

The inspection found that ZA Bank has generally complied with the requirements of the Personal Data (Privacy) Ordinance (PDPO) in the handling of customers’ personal data.

PCPD noted that ZA Bank took measures such as implementing a paperless office, conducting drill exercises to prevent the threat of phishing attacks and promoting a culture of privacy in the workplace.

However, the PCPD also made some recommendations for ZA Bank to further strengthen the protection of its customers’ personal data.

This includes strengthening the management of its data processors, enhancing the monitoring capabilities of the data loss prevention system, and limiting the time for staff to access customers’ personal data.

Ada Chung Lai-ling, the Privacy Commissioner said,

“Consequent upon the development of fintech in Hong Kong, there are currently eight virtual banks which offer innovative financial services to the public.

I hope that the findings and recommendations of this inspection will not only assist ZA Bank to further strengthen the protection of its customers’ personal data, ensure data security and prevent data breach incidents, but also serve as a reference to other virtual banks in complying with the requirements of the PDPO.”

ZA Bank issued a statement saying that “customer privacy is always at the heart of its operations, and the PCPD’s report reaffirms its longstanding strategy to protect customer data”.

The digital bank added that it will implement the PCPD’s recommendations to further strengthen the protection of its customers’ personal data.

Calvin Ng, Alternate Chief Executive of ZA Bank said,

“The PCPD’s report is positive and commends us for complying with the requirements of the PDPO to manage customers’ personal data.

Our measures include: establishing a Personal Data Privacy Management Programme, appointing a dedicated Data Protection Officer, implementing a ‘Phishing Attack Drill Exercise’, and promoting a culture of privacy in the workplace, etc.”

Privacy Commissioner’s Report Affirms ZA Bank’s Customer Data Protection Measures

Author

Ping An Digital Bank Rebrands as Deposits Exceed HK$12 Billion

ZA Bank Brings Nasdaq Data to Hong Kong, Expanding US Stock Access and Investor Education

WeLab Bank Launches Multi-Currency Debit Card with Mastercard

KakaoBank Expands in Indonesia Through Superbank Partnership

5 Stories That Shaped Hong Kong’s Fintech Scene in 2025

Two of Hong Kong’s Digital Banks Touched Profitability. What Comes Next?

WeBank and WeBank Tech Services Debut at Hong Kong Fintech Week 2025

ZA Bank Launches StockBack Visa Card

Turn Any iPhone Into a Payment Checkout Device With Adyen

Building Trust in Digital Asset Infrastructure with Hardware Roots of Trust

Privacy Commissioner’s Report Affirms ZA Bank’s Customer Data Protection Measures

Author

Related Posts

Subscribe to Updates