(AAB Appeal No. 62 of 2016)
Data access requests on company's bank statements – director acted as guarantor and mortgagor of company's loans – director's contingent liability reflected in credit reference report – definition of "account data" – Code of Practice on Consumer Credit Data – when liability to pay arose - default event
Coram:
Mr. Alan Ng Man-sang (Presiding Chairman)
Ms. Julienne JEN (Member)
Ms. Poon Wing-yin (Member)
Date of Decision : 15 April 2019
Facts
The following facts represent the common background of this appeal, and two other appeals lodged by the same Appellant (AAB No.63/2016 and AAB No.71/2016) :-
(1) The Appellant and his wife were the controlling directors and shareholders of the company. Since 1997, the company had borrowed a number of loans from the bank. The Appellant and his wife had also mortgaged their property to the bank as security for the company's loans, and entered into a number of guarantees for those loans. In 2004, the property was sold and the net sale proceeds were paid to the bank in partial settlement of the company's loans.
(2) As the company later defaulted in payment of the loans, the bank demanded in writing full payment of the loans from the company, the Appellant and his wife in early 2015. A High Court action was issued by the bank against all these parties, and judgment was later entered in the bank's favour.
In this case, the Appellant lodged 48 data access requests with the bank seeking the balance of six accounts held by the company as at 48 specified dates from 30 June 2002 to 13 October 2014. The banks refused such requests on the ground that the company was the holder of those accounts, and therefore their balances did not constitute the Appellant's personal data. The Appellant subsequently filed his complaint with the Commissioner against the bank for failure to comply with his 48 data access requests.
The Commissioner's Decision
The Appellant took the view that given the indebtedness of the company was reflected in his credit reference report, such indebtedness constituted his "consumer credit data" as defined in Clause 1.8 of the Code of Practice on Consumer Credit Data (CCD Code).
The Commissioner decided not to proceed with the Appellant's complaint on the following reasons :-
(1) The Commissioner considered that the account balances did not fall within the definition of "consumer credit data", as they did not constitute "personal data" of the individual in question, i.e. the Appellant.
(2) The company was the "Principal Debtor" of those loan accounts, whereas the Appellant and his wife were the "Guarantors" undertaking to pay the company's outstanding loans. However, the Appellant's liability to pay did not arise until the "default event" took place in early 2015 when the bank demanded full payment from him.
Dissatisfied with the Commissioner's decision, the Appellant lodged an appeal to the AAB.
The Appeal
The AAB affirmed the Commissioner's decision that those bank statements showing the company's indebtedness did not contain the Appellant's personal data.
The Appellant argued that under Clauses 21(a) and (b) of the Guarantee, the Appellant and his wife (being the Guarantors for the loans made to the company) were expressed to be "liable as an independent principal debtor". The AAB accepted the Commissioner's interpretation that these clauses only served to facilitate enforcement action against the Guarantors directly without recourse to the company being the Principal Debtor.
The Appellant relied on the definition of "account data" in Clause 1.2 of the CCD Code, which included data revealing the contingent liability of the individual as mortgagor or guarantor. The AAB accepted the Commissioner's argument that the company's indebtedness would not become the "account data" of the Appellant as the Guarantor until the default event occurred in early 2015. As the requested data covered the balances of the company's accounts held from 30 June 2002 to 13 October 2014 which predated the default event, the AAB considered that the Commissioner was correct in ruling that the bank was not obliged to comply with the 48 data access requests.
The AAB's Decision
The appeal was dismissed.
(Uploaded in October 2019)