This morning, Channel News Asia reported the imposition of a S$50,000 fine on popular Singapore karaoke chain, K Box Entertainment Group, for not having sufficient security measures to protect the personal data of 317,000 members.
Specifically, it was found that K Box failed to:
A further financial penalty of S$10,000 was imposed on the IT vendor in charge of K Box’s content management system, Finantech Holdings, for failing to implement proper and adequate protective measures for the personal data in the system it had built and managed for K Box.
Other organisations that faced penalties or received warnings from the Personal Data Protection Commission of Singapore include: Institution of Engineers, Singapore and health supplements supplier, Fei Fah Medical Manufacturing. Challenger Technologies, Metro, Xirlynx Innovations, Full House Communications, Singapore Computer Society and Yes Tuition Agency.
Introduced in 2012, the Personal Data Protection Act (PDPA) of Singapore mandates that organisations must:
Source: Personal Data Protection Commission Singapore, 2015 (read more)
Personal data in this case includes but are not limited to the following:
PDPC Chairman Leong Keng Thai said the most common issue with the breaches has a lot to do with the adoption of inappropriate IT practices. The PDPC recognises that data plays a vital role in helping organisations innovate in today’s economy, and encourages the use of data in a responsible manner – just as you would handle commercially valuable information.
Singapore law requires that organisations must comply with the PDPA when collecting, using or disclosing personal data.
Find out how creating one can be easy, fast and affordable with Dragon Law’s web app:
Start a free trial
No minimum commitment, no credit card required.