Singapore’s PDPC Takes Action Against 11 Firms For Data Privacy Breaches

April 22, 2016


This morning, Channel News Asia reported the imposition of a S$50,000 fine on popular Singapore karaoke chain, K Box Entertainment Group, for not having sufficient security measures to protect the personal data of 317,000 members.

Specifically, it was found that K Box failed to:

  1. Update security patches to ensure its IT system security was sufficiently robust,
  2. Assign a Data Protection Officer to develop or implement data protection policies, and
  3. Impose strong control over access to personal data.

A further financial penalty of S$10,000 was imposed on the IT vendor in charge of K Box’s content management system, Finantech Holdings, for failing to implement proper and adequate protective measures for the personal data in the system it had built and managed for K Box.

Other organisations that faced penalties or received warnings from the Personal Data Protection Commission of Singapore include: Institution of Engineers, Singapore and health supplements supplier, Fei Fah Medical Manufacturing. Challenger Technologies, Metro, Xirlynx Innovations, Full House Communications, Singapore Computer Society and Yes Tuition Agency.

Introduced in 2012, the Personal Data Protection Act (PDPA) of Singapore mandates that organisations must:

  1. Clearly inform the individual the purpose(s) for which personal data will be collected, used or disclosed and obtain his/her consent,
  2. Implement a formal process for the withdrawal of consent by individuals in respect of the collection, use or disclosure of their personal data,
  3. Limit the use of personal data collected to only purposes that you have obtained consent for,
  4. Make reasonable effort to verify that the personal data kept are accurate and complete (i) prior to any use to make a decision that affects the individual or (ii) prior to disclosure; and
  5. Designated one or more individuals (who may be referred to as Data Protection Officers) to be responsible for ensuring that the data protection policies and practices of your organisation are in compliance with the PDPA.

Source: Personal Data Protection Commission Singapore, 2015 (read more)

Personal data in this case includes but are not limited to the following:

  • Full name
  • NRIC or FIN number
  • Passport number
  • Photograph or video image of an individual
  • Mobile telephone number
  • Personal email address
  • Thumbprint
  • DNA profile
  • Name and residential address
  • Name and residential telephone number

PDPC Chairman Leong Keng Thai said the most common issue with the breaches has a lot to do with the adoption of inappropriate IT practices. The PDPC recognises that data plays a vital role in helping organisations innovate in today’s economy, and encourages the use of data in a responsible manner – just as you would handle commercially valuable information.

Singapore law requires that organisations must comply with the PDPA when collecting, using or disclosing personal data.

Does your organisation have a Data Protection Policy in place?

Find out how creating one can be easy, fast and affordable with Dragon Law’s web app:

Start a free trial

Create a Website Privacy Policy for free.
No minimum commitment, no credit card required.

Read the original article on Channel News Asia

Leave a Reply

Your email address will not be published.

  • helpful site says:

    … [Trackback]

    […] Informations on that Topic: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to helpful
  • manicure says:

    My partner and I stumbled over here coming from a different website and thought I
    might as well check things out. I like what I see so now i’m following you.
    Look forward to looking into your web page yet again.

    Reply to manicure
  • manicure says:

    After checking out a few of the blog articles on your website, I truly appreciate your way of blogging.
    I book-marked it to my bookmark webpage list and will be checking back in the near future.
    Please visit my website as well and let me know what you think.

    Reply to manicure
  • … [Trackback]

    […] Find More Informations here: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to ICQ
  • … [Trackback]

    […] Informations on that Topic: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to oral
  • … [Trackback]

    […] There you will find 64241 more Infos: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to http://tinyurl.com/Vorardenth
  • … [Trackback]

    […] Find More Informations here: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to scr888
  • … [Trackback]

    […] Read More here: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to economics
  • w88asia says:

    … [Trackback]

    […] Find More Informations here: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to w88asia
  • … [Trackback]

    […] Read More here: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to roofers
  • … [Trackback]

    […] Read More here: dragonlaw.io/blog/post/singapore-pdpc/ […]

    Reply to click
  • Some times its a pain in the ass to read what people wrote
    but this website is real user genial!

    Reply to debt
  • Hello very cool website!! Man .. Beautiful .. Superb .. I’ll bookmark your website and take the feeds also?KI’m glad to find so many helpful information right here in the publish, we want work out more strategies on this regard, thank you for sharing. . . . . .

    Reply to corburt
  • check backlinks with pagerank

    shvyvlhcm yqswb azygbeu yhln dtqeyoddfxlnfmf

    Reply to check
  • I truly appreciate your work, Great post.

    Reply to Side
  • Foot Corns says:

    Just wish to say your article is as astounding. The clearness
    on your publish is simply excellent and i can assume
    you’re a professional in this subject. Fine along with your
    permission allow me to take hold of your feed to keep updated with impending post.

    Thank you a million and please continue the enjoyable work.

    Reply to Foot
  • Hammertoe says:

    Hi there colleagues, how is everything, and what you desire to
    say concerning this piece of writing, in my view its genuinely remarkable in favor of me.

    Reply to Hammertoe
  • […] is overseen in Hong Kong and Singapore by the Privacy Commissioner for Personal Data (PCPD) and the Personal Data Protection Council (PDPC) […]

    Reply to The
  • Like what you just read?

    Subscribe to our newsletter and be the first to hear of
    the latest Dragon happenings, tips and insights!