Data Protection Enforcement Cases

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Date

Topic

05 Dec 2019

Breach of the Accountability Obligation by Saturday Club

Saturday Club was found in breach of the PDPA for failing to put in place written policies and practices necessary to ensure its compliance with the PDPA. Saturday Club was directed to put in place a data protection policy to comply with the provisions of the PDPA and to conduct training to ensure its employees are aware of and comply with the requirements of the PDPA.

05 Dec 2019

Breach of the Protection Obligation by Honestbee

A financial penalty of $8,000 was imposed on Honestbee for failing to put in place reasonable security arrangements to protect the personal data of individuals. The data of about 8,000 individuals was stored in the cloud without access restrictions.

05 Dec 2019

Breach of the Protection and Accountability Obligations by Global Outsource Solutions

Global Outsource Solutions was found in breach of the PDPA for failing to put in place reasonable security arrangements to protect the personal data collected by its website and for failing to develop and implement data protection policies. This resulted in the disclosure of personal data of customers on the organisation’s online warranty registration portal. Global Outsource Solutions was directed to develop and implement policies for data protection and staff training in data protection, and to put all employees handling personal data through such training.

05 Dec 2019

Breach of the Protection Obligation by Chizzle

Directions, including a financial penalty of $8,000, were imposed on Chizzle for failing to put in place reasonable security arrangements to protect the personal data of users of its mobile application. The organisation was also directed to develop an IT security policy, review and revise its developmental processes in order to adopt a data protection by design approach for future enhancements to its mobile application. 

05 Dec 2019

Breach of the Protection and Accountability Obligations by The Travel Corporation (2011)

A financial penalty of $12,000 was imposed on The Travel Corporation (2011) for breaches of the PDPA. The Organisation failed to appoint a data protection officer and did not put in place reasonable security arrangements to protect its customers’ personal data stored in portable storage devices.

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Last updated on 05 Dec 2019