Four organisations were found in breach of the PDPA. 

Financial penalties amounting to S$35,000 were issued to Singapore Red Cross Society, Grabcar and Civil Service Club for breaches of the Protection and Retention Limitation obligations, while Singapore Medical Association was issued a warning for breach of the Protection Obligation.

Singapore Telecommunications Limited was found not in breach for failing to make reasonable security arrangements to prevent the unauthorised access of its customers’ personal data via the mySingtel mobile application.

In addition, the PDPC accepted undertakings from 3 organisations which implemented remediation plans that rectified the immediate breach and addressed systemic shortcomings to ensure continual compliance with the PDPA.

Access the Decisions here and undertakings here.