Data Protection Enforcement Cases

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Date

Topic

09 Jan 2020

Breach of the Protection Obligation by L'Oreal Singapore

A warning was issued to L’Oreal Singapore for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data of individuals on its website. The personal data of 7 individuals were compromised from a data breach incident involving its website.

09 Jan 2020

Breach of the Protection Obligation by Creative

A financial penalty of $15,000 was imposed on Creative for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data of users of its online support forum.

09 Jan 2020

Breach of the Protection and Accountability Obligations by Society of Tourist Guides

Directions, including a financial penalty of $20,000, were imposed on Society of Tourist Guides for breaches of the PDPA. First, the organisation failed to put in place reasonable measures to protect its members’ personal data. Second, it did not appoint a data protection officer. Lastly, it did not have written policies and practices necessary to ensure its compliance with the PDPA.

09 Jan 2020

Breach of the Protection Obligation by PeopleSearch

A financial penalty of S$5,000 was imposed on PeopleSearch for failing to put in place reasonable security arrangements to protect personal data of its clients. The incident resulted in the data being subjected to a ransomware attack.

09 Jan 2020

Breach of the Protection Obligation by National Healthcare Group

A financial penalty of $6,000 was imposed on National Healthcare Group for failing to put in place reasonable security arrangements to protect a list containing the personal data of partner doctors and members of the public from being publicly accessible online.

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Last updated on 09 Jan 2020