Data Protection Enforcement Cases

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Date

Topic

10 Oct 2019

Breach of the Protection Obligation by Barnacles

A warning was issued to Barnacles Pte. Ltd. for failing to put in place reasonable measures to protect the personal data of individuals who had made dining reservations via its website; and retaining such personal data when it no longer had any legal or business purpose to retain it. As a result, the personal data of 149 individuals were accessible over the Internet.

10 Oct 2019

Breach of the Protection Obligation by ERGO Insurance

A warning was issued to ERGO Insurance Pte. Ltd. for failing to protect the personal data of its policyholders from unauthorised disclosure via its internet portal. The personal data of 57 policyholders were mistakenly disclosed to other insurance intermediaries.

10 Oct 2019

Breach of the Protection Obligation by Zero1 and XDel

Financial penalties of $4,000 and $7,000 were imposed on Zero1 and XDel respectively for failing to put in place reasonable measures to protect the personal data of the subscribers of Zero1.

10 Oct 2019

Breach of the Protection and Accountability Obligations by Advance Home Tutors

A financial penalty of $1,000 was imposed on Advance Home Tutors for failing to put in place reasonable security arrangements to protect the personal data collected from its tutors and for not developing and implementing data protection policies and practices necessary to ensure its compliance with PDPA.

10 Oct 2019

Breach of the Consent and Notification Obligations by Amicus Solutions and a Financial Consultant

Amicus Solutions and a financial consultant were issued directions, including to pay financial penalties of $48,000 and $10,000 respectively, for breaches of the PDPA. Amicus Solutions failed to notify and obtain consent for the disclosure of individuals’ personal data that it sold to the financial consultant who used such personal data for telemarketing purposes.

The PDPC regularly publishes decisions relating to organisations that are found to have contravened the data protection provisions under the Personal Data Protection Act (PDPA). These decisions provide salient insights which organisations are strongly encouraged to take guidance from, and to implement measures to prevent similar occurrences. They also serve to remind individuals and organisations of their respective rights and obligations under the PDPA. In the longer term, the publication of cases on the PDPC's website aims to promote accountability among organisations to safeguard consumer interest and trust.

Last updated on 10 Oct 2019