Six organisations were issued directions for breaches of the PDPA.

Financial penalties of $24,000 and $18,000 were imposed on CDP and Toppan Security Printing respectively for unauthorised disclosure of CDP's account holders' personal data.

Directions, including a financial penalty of $5,000 was imposed on Championtutor for not having a data protection officer (DPO) or any policies or practices in place to comply with the PDPA.

A financial penalty of $16,000 was imposed on Genki Sushi for failing to put in place reasonable security arrangements to protect personal data of its employees, which resulted in a ransomware attack.

A financial penalty of $54,000 was imposed on Horizon Fast Ferry for the lack of a DPO, failing to develop and implement data protection policies and practices, and not putting in place reasonable security arrangements to protect its customers' personal data.

Directions were issued to Avant Logistic Service for the unauthorised disclosure of customers' personal data by an employee.

Access the Decisions here.