New Commission's Decisions and Undertakings on 16 June 2022

16 Jun 2022

For breaching of the Protection Obligation, a financial penalty of $22,000 was imposed on Vhive for failing to put in place reasonable security arrangements to protect the personal data in its possession from a ransomware attack. For breaching of the Consent and Notification Obligations under the PDPA, warnings were issues to three insurance financial advisers - Ngian Wen Hao Dennis, Chua Puay Hwa Melissa and Winarto in relation to two incidents involving the unauthorised collection and disclosure of individuals' personal data in 2019 and 2020.

Additionally, Aman Group S.a.r.l and/or Amanresort International and SLP Scotia and SLP International Property Consultants were found not in breach of the PDPA in relation to incidents involving unauthorised access to its servers and exfiltration of personal data and complaints regarding alleged collection and disclosure of personal data without consent respectively. 

The PDPC also accepted an undertaking from an organisation which implemented remediation plans that rectified the immediate breach and addressed systemic shortcomings to ensure continual compliance with the PDPA.

Access the Decisions here and Undertakings here.

Follow us on Telegram for the latest updates on personal data protection: https://t.me/pdpcsg