skip to Main Content
BY THE SINGAPOREAN DATA PROTECTION AUTHORITY: New Commission’s Decisions On 3 August 2020

BY THE SINGAPOREAN DATA PROTECTION AUTHORITY: New Commission’s Decisions on 3 August 2020

This post is also available in: Italiano Español

Eight organisations were found in breach of the PDPA.

Financial penalties amounting to $47,000 were issued to The Central Depository (Pte) Limited, MDIS Corporation and Singapore Accountancy Commission for breach of the Protection obligation.

Also, for breaching the Protection obligation, a warning was issued each to Zero1 Pte Ltd and IP Tribe Pte Ltd, MCST 3400, FWD Singapore, Jean Yip Salon and Actstitude for failing to put in place reasonable security arrangements to prevent unauthorised disclosure of personal data.

The Personal Data Protection Commission (PDPC) publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide valuable insights and lessons so that organisations can implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases aims to promote accountability among organisations to build and strengthen consumer trust and confidence.

The PDPC also takes a proactive approach in assisting organisations to comply with the PDPA. Apart from conducting outreach activities and issuing advisory guidelines, PDPC has also developed a suite of practical resources from competency development to capacity building that is available for download.

Breach of the Protection Obligation by Singapore Accountancy Commission

A financial penalty of $5,000 was imposed on Singapore Accountancy Commission for failing to put in place reasonable security arrangements to prevent the unauthorised access of 6,541 Singapore Chartered Accountant Qualification programme personnel and candidates’ personal data.

Decision - Singapore Accountancy Commission - 22062020

Breach of the Protection Obligation by Zero1 and IP Tribe

A warning was issued to Zero1 and IP Tribe respectively for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of 118 individuals’ personal data contained in invoices which were sent to incorrect recipients.

Decision - Zero1 and IP Tribe - 07042020

Breach of the Protection Obligation by Actstitude

A warning was issued to Actstitude for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of individuals’ personal data. Over 160 individuals uploaded their resumes to Actstitude’s website and their personal data were accessible over the Internet.

Decision - Actstitude Pte Ltd - 20032020

Breach of the Protection Obligation by Jean Yip Salon

A warning was issued to Jean Yip Salon for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data of its employees. As a result, the personal data of 28 individuals were accessible over the Internet.

Decision - Jean Yip Salon Pte Ltd -13032020

Breach of the Protection Obligation by FWD Singapore

A warning was issued to FWD Singapore for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of 71 individuals’ personal data contained in payment advice letters which were sent to incorrect recipients.

FWD Singapore Pte Ltd - Summary of Decision - 13032020

Breach of the Protection Obligation by CDP

A financial penalty of $32,000 was imposed on CDP for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of individuals’ personal data. Mail sent by CDP were addressed to incorrect recipients.

Decision - The Central Depository (Pte) Limited 30032020

Breach of the Protection Obligation by MDIS Corporation

A financial penalty of $10,000 was imposed on MDIS Corporation for failing to put in place reasonable security arrangements to protect the personal data of individuals on its website. These individuals had provided their personal data to MDIS Corporation for registration purposes to attend its courses.

Decision - MDIS Corporation Pte Ltd - 17032020

Breach of THE protection requirement from MCST 3400
A warning has been issued to MCST 3400 for failing to put in place adequate security measures to prevent unauthorized access to the personal data of 562 people stored in an internal directory.

Decision - MCST 3400-17032020

Breach of the protection requirement by SSA Group International
A warning has been issued to SSA Group International for failing to put in place adequate security measures to prevent unauthorized access to the course registration information of 53 people who were publicly available via its web page.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DI SINGAPORE 

Back To Top