Data Protection Enforcement Cases



12 Feb 2018

Discontinued Investigations Against My Digital Lock

The investigation on alleged disclosure of personal data by My Digital Lock has been discontinued. An advisory notice has been issued to My Digital Lock. The reasons for discontinuation are explained in the grounds of decision.

23 Jan 2018

Breach of Openness Obligation by 4 Hair Salons

Directions were issued to Jiwon Hair Salon, Next@Ion, Next Hairdressing and Initia for failing to put in place data protection policies to comply with the provisions of the PDPA.

11 Jan 2018

Breach of Consent and Notification Obligations by an Individual Selling Personal Data

A financial penalty of $6,000 was imposed on an individual for selling a database containing personal data, without notifying the individuals involved nor obtaining their consent.

29 Dec 2017

Breach of the Protection Obligation by Credit Counselling Singapore

A financial penalty of $10,000 was imposed on Credit Counselling Singapore for failing to make reasonable security arrangements to protect personal data of its debt management programme clients when sending out email.

29 Dec 2017

Breach of Protection Obligation by ComGateway

A financial penalty of $10,000 was imposed on ComGateway for not protecting its webpage against URL manipulation, which resulted in unauthorised disclosure of its customers' personal data.

For more cases where the organisations were found not in breach of the PDPA or where investigations were suspended, discontinued or refused pursuant to Section 50(3) of the PDPA, refer to the case summaries in the PDP Digest.

Last updated on 12 Feb 2018