Data Protection Enforcement Cases

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Date

Topic

02 Aug 2019

Breach of the Protection Obligation by Avant Logistic Service

Directions were issued to Avant Logistic Service for failing to make reasonable security arrangements to prevent the unauthorised disclosure of customers' personal data. The lapses resulted in personal data of customers being disclosed by an employee.

02 Aug 2019

Breach of the Protection Obligation by Horizon Fast Ferry

A financial penalty of $54,000 was imposed on Horizon Fast Ferry for failing to appoint a data protection officer, develop and implement data protection policies and practices, and put in place reasonable security arrangements to protect the personal data collected from its customers.

02 Aug 2019

Breach of the Protection Obligation by Genki Sushi

A financial penalty of $16,000 was imposed on Genki Sushi for failing to put in place reasonable security arrangements to protect personal data of its employees. The incident resulted in the data being subjected to a ransomware attack.

02 Aug 2019

Breach of the Openness Obligation by Championtutor

Directions, including a financial penalty of $5,000, were imposed on Championtutor for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not have written policies and practices necessary to ensure its compliance with  the PDPA.

02 Aug 2019

Breach of the Protection Obligation by CDP and Toppan Security Printing

Financial penalties of $24,000 and $18,000 were imposed on CDP and Toppan Security Printing respectively for failing to put in place reasonable security arrangements to protect the data of CDP's account holders from unauthorised disclosure. The incident resulted in each of the affected account holder's personal data being printed onto another account holder's notification letter.

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Last updated on 02 Aug 2019