For breaching the Protection Obligation, a financial penalty of $8,000 was imposed on Fortytwo for failing to put in place reasonable security arrangements to protect users' personal data in its possession or under its control.

Directions were issued to The Law Society of Singapore to conduct a security audit of its technical and administrative arrangements for accounts with administrative privileges that can access directly and/or create access to personal data, and to rectify any gaps identified. Directions were also issued to another organisation, Kingsforce Management Services to ensure their implementation of regular patching, updates and upgrades for all software and firmware supporting its website(s) and application through which personal data in its possession may be accessed. 

Additionally, the PDPC has accepted an undertaking from one organisation which implemented remediation plans that rectified the immediate breach and addressed systemic shortcomings to ensure continual compliance with the PDPA.

Access the Decisions here and Undertakings here.

Follow us on Telegram for the latest updates on personal data protection: https://t.me/pdpcsg