Data Protection Enforcement Cases

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Date

Topic

06 Sep 2019

Breach of the Protection, Retention and Accountability Obligations by O2 Advertising

Directions, including a financial penalty of $10,000, were imposed on O2 Advertising for breaches of the PDPA. The organisation failed to put in place reasonable measures to protect individuals’ personal data collected from an advertising campaign and did not cease retention of such data when it was no longer required. The organisation was also directed to appoint a data protection officer and put in place data protection policies and practices.

06 Sep 2019

Breach of the Accountability Obligation by Executive Link Services

A financial penalty of $5,000 was imposed on Executive Link Services for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not have written policies and practices necessary to ensure its compliance with the PDPA.

06 Sep 2019

Breach of the Protection Obligation by Friends Provident International

A warning was issued to Friends Provident International for failing to protect the personal data of its policyholders from unauthorised disclosure via its online portal. 

02 Aug 2019

Breach of the Protection Obligation by Avant Logistic Service

Directions were issued to Avant Logistic Service for failing to make reasonable security arrangements to prevent the unauthorised disclosure of customers' personal data. The lapses resulted in personal data of customers being disclosed by an employee.

02 Aug 2019

Breach of the Protection Obligation by Horizon Fast Ferry

A financial penalty of $54,000 was imposed on Horizon Fast Ferry for failing to appoint a data protection officer, develop and implement data protection policies and practices, and put in place reasonable security arrangements to protect the personal data collected from its customers.

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Last updated on 06 Sep 2019