Data Protection Enforcement Cases


Date

Topic

02 Aug 2018

No Breach of the Access Obligation by MCST 4436 (River Isles)

MCST 4436 (River Isles) was not found to be in breach of the PDPA in relation to allowing subsidiary proprietors to view CCTV footage.

22 Jun 2018

Breach of Protection Obligation by Singapore Taekwondo Federation

A financial penalty of $30,000 was imposed on Singapore Taekwondo Federation for failing to make reasonable security arrangements to prevent the unauthorised disclosure of minors’ NRIC numbers on its website. Directions were also issued to the organisation to appoint a data protection officer and to put in place data protection policy.

11 Jun 2018

Breach of Protection Obligation by Flight Raja Travels

Directions were issued to Flight Raja Travels for failing to make reasonable security arrangements to prevent unauthorised disclosure of individuals’ personal data on its online travel booking system.

24 May 2018

Breach of Consent and Purpose Limitation Obligations by Spring College International

Spring College International failed to notify and obtain consent from the parents of young students before disclosing online the students’ personal data for marketing purposes. Directions were issued to Spring College International.

14 May 2018

No Breach of Accuracy and Retention Obligations by Credit Bureau Singapore

Credit Bureau (Singapore) was not found to be in breach of the PDPA in relation to the information contained in its Enhanced Consumer Credit Report.

Last updated on 02 Aug 2018