For breaching the Protection Obligation, a financial penalty of $67,000 was imposed on Quoine for failing to put in place reasonable security arrangements to protect the personal data in its possession.
Similarly, a financial penalty of $12,000 was imposed on Terra Systems for failing to put in place reasonable security arrangements to protect the personal data of individuals in its customer relationship management portal in Re Terra Systems Pte Ltd  SGPDPC 7. An application for reconsideration was filed against the decision in Re Terra Systems Pte Ltd  SGPCPC 7. Upon review and careful consideration of the application, the Commissioner had decided to affirm the finding of the breach of section 24 of the PDPA as set out in the decision and the financial penalty in the Reconsideration Decision.
A financial penalty of $10,000 was also imposed on Audio House for failing to put in place reasonable security arrangements to protect the personal data in its possession from a ransomware attack.
Directions were issued to Crawfort to conduct a security audit of its technical and administrative arrangements for its AWS S3 environment and rectify any security gaps identified in the audit report. This is pursuant to a data breach incident where Crawfort's customer database were offered for sale in the dark web.
The PDPC also accepted undertaking from 2 organisations, HSL Constructor Pte Ltd and Asia Petworld Pte Ltd, which implemented remediation plans that rectified the immediate breach and addressed systemic shortcomings to ensure continual compliance with the PDPA.
Follow us on Telegram for the latest updates on personal data protection: https://t.me/pdpcsg