For breaching the Protection Obligation, a financial penalty of $20,000 was imposed on Trinity Christian Centre for failing to put in place reasonable security arrangements to prevent the unauthorised access of individuals' personal data hosted in its database servers. A financial penalty of $35,000 was also imposed on GeniusU for failing to put in place reasonable security arrangements to prevent the unauthorised access and exfiltration of individuals' personal data stored in its staging database.

For breaching the Accountability Obligation, directions were issued to ACL Construction (S) for breach of the PDPA in relation to failure to appoint a data protection officer and no policies and practices in place to comply with the PDPA.

The PDPC also accepted an undertaking from an organisation which implemented remediation plans that rectified the immediate breach and addressed systemic shortcomings to ensure continual compliance with the PDPA.

Access the Decisions here and Undertakings here.

Follow us on Telegram for the latest updates on personal data protection: https://t.me/pdpcsg