Data Protection Enforcement Cases

For more cases where the organisations were found not in breach of the PDPA or where investigations were suspended, discontinued or refused pursuant to Section 50(3) of the PDPA, refer to the case summaries in the PDP Digest.


Date

Topic

19 Apr 2018

Breach of Protection Obligation by Aviva

A financial penalty of $30,000 was imposed on Aviva for failing to make reasonable security arrangements to prevent the unauthorised disclosure of personal data of policyholders. This is a second case within a period of 12 months.

19 Apr 2018

Breach of Consent and Purpose Limitation Obligations by Actxa

A financial penalty of $6,000 was imposed on Actxa for breach of Section 13 (Consent Obligation) and Section 18 (Purpose Limitation Obligation) of the PDPA.

12 Feb 2018

Discontinued Investigations Against My Digital Lock

The investigation on alleged disclosure of personal data by My Digital Lock has been discontinued. An advisory notice has been issued to My Digital Lock. The reasons for discontinuation are explained in the grounds of decision.

23 Jan 2018

Breach of Openness Obligation by 4 Hair Salons

Directions were issued to Jiwon Hair Salon, Next@Ion, Next Hairdressing and Initia for failing to put in place data protection policies to comply with the provisions of the PDPA.

11 Jan 2018

Breach of Consent and Notification Obligations by an Individual Selling Personal Data

A financial penalty of $6,000 was imposed on an individual for selling a database containing personal data, without notifying the individuals involved nor obtaining their consent.

For more cases where the organisations were found not in breach of the PDPA or where investigations were suspended, discontinued or refused pursuant to Section 50(3) of the PDPA, refer to the case summaries in the PDP Digest.

Last updated on 19 Apr 2018