Data Protection Enforcement Cases


Date

Topic

22 Jun 2018

Breach of Protection Obligation by Singapore Taekwondo Federation

A financial penalty of $30,000 was imposed on Singapore Taekwondo Federation for failing to make reasonable security arrangements to prevent the unauthorised disclosure of minors’ NRIC numbers on its website. Directions were also issued to the organisation to appoint a data protection officer and to put in place data protection policy.

11 Jun 2018

Breach of Protection Obligation by Flight Raja Travels

Directions were issued to Flight Raja Travels for failing to make reasonable security arrangements to prevent unauthorised disclosure of individuals’ personal data on its online travel booking system.

24 May 2018

Breach of Consent and Purpose Limitation Obligations by Spring College International

Spring College International failed to notify and obtain consent from the parents of young students before disclosing online the students’ personal data for marketing purposes. Directions were issued to Spring College International.

14 May 2018

No Breach of Accuracy and Retention Obligations by Credit Bureau Singapore

Credit Bureau (Singapore) was not found to be in breach of the PDPA in relation to the information contained in its Enhanced Consumer Credit Report.

14 May 2018

No Breach of Consent Obligation by MyRepublic

MyRepublic was found not in breach of the consent obligation with respect to the use of an individual’s personal data for debt recovery purposes.

Last updated on 22 Jun 2018