pdpc_decisions_version_detail (view)
3 rows where "date" is on date 2018-05-03
This data as json, CSV (advanced)
Suggested facets: tags, nature, decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 190 | 190 | 1 | 952 | A financial penalty of $9,000 was imposed on AIG for failing to make reasonable security arrangements to prevent the unauthorised disclosure of personal data. This case involved an incorrect facsimile number used by AIG on its renewal notices. | [
"Protection",
"Financial Penalty",
"Finance and Insurance"
] |
2018-05-03 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_AIG_030518.pdf | Protection | Breach of Protection Obligation by AIG | https://www.pdpc.gov.sg/all-commissions-decisions/2018/05/breach-of-protection-obligation-by-aig | 2018-05-03 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 8 Case No DP-1707-B0901 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And AIG Asia Pacific Insurance Pte. Ltd. … Organisation DECISION AIG Asia Pacific Insurance Pte. Ltd. Tan Kiat How, Commissioner — Case No DP-1707-B0901 3 May 2018 Background 1 On 30 June 2017, the Personal Data Protection Commission (the “Commission”) received a data breach notification from the Organisation, AIG Asia Pacific Insurance Pte. Ltd (the “Organisation” or “AIG”), informing the Commission that: (a) the personal data of some of the Organisation’s policyholders (for its Individual Personal Accident product) had been compromised and disclosed to an unauthorised party (the “Unauthorised Disclosure”); and (b) the Unauthorised Disclosure had occurred because the Organisation had stipulated an incorrect facsimile number on the policy renewal notices issued to its policyholders, which had caused its policyholders to fax their renewal notices to a third party, Tokyu Hands Singapore Pte. Ltd. (“Tokyu Hands”) instead of the Organisation. 2 On account of the notification made, the Commissioner commenced an investigation under section 50 of the Personal Data Protection Act 2012 (the “PDPA”) to ascertain whether the Organisation had breached its obligations under the PDPA. The Commissioner’s findings and decision are set out below. AIG Asia Pacific Insurance Pte. Ltd [2018] SGPDPC 8 Material Facts 3 The Organisation is a general insurance company, and among the largest 4 The Organisation implemented a new electronic policy administration general insurance companies in Singapore. system on 29 November 2016. This system was responsible for generating forms including for its Individual Personal Accident product. These forms included the quote application form, endorsement quote form, policy schedule, endorsement schedule and renewal notice. 5 The form which is the subject of the data breach notification is the renewal notice… | Financial Penalty | a778a93346bf023cc07d334e01a78d1dcd71299d | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 191 | 191 | 1 | 952 | A financial penalty of $10,000 was imposed on NTUC Income for lapses in its print process which resulted in an unauthorised disclosure of personal data of 212 individuals. | [
"Protection",
"Financial Penalty",
"Finance and Insurance"
] |
2018-05-03 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_NTUC_Income_Insurance_Co-operative_030518.pdf | Protection | Breach of the Protection Obligation by NTUC Income | https://www.pdpc.gov.sg/all-commissions-decisions/2018/05/breach-of-the-protection-obligation-by-ntuc-income | 2018-05-03 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 10 Case No DP-1706-B0894 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And NTUC Income Insurance Co-operative Ltd … Organisation DECISION NTUC Income Insurance Co-operative Ltd NTUC Income Insurance Co-operative Ltd [2018] SGPDPC 10 Tan Kiat How, Commissioner— Case No DP-1706-B0894 Date: 3 May 2018 Background 1 This matter deals with a flaw in the design of the Organisation’s processes surrounding the printing of various types of letters resulting in the unauthorised disclosure of personal data of 214 of the Organisation’s clients (the “Impacted Clients”). Material Facts 2 The Organisation is an insurance co-operative that offers various types of insurance plans to its policyholders. 3 On 21 June 2017, a customer (the “Complainant”) of the Organisation lodged a complaint (the “Complaint”) with the Personal Data Protection Commission (“PDPC”) alleging that she received a duplex printed letter from the Organisation correctly addressed to her, but the reverse of which was a letter addressed to another client of the Organisation. Subsequently, on 30 June 2017, the Organisation submitted a voluntary notification of a breach of the Personal Data Protection Act 2012 (the “PDPA”) which confirmed the Complainant’s allegations and provided details surrounding the Complaint. 2 NTUC Income Insurance Co-operative Ltd 4 On 5 June 2017, the Organisation printed a batch of 426 letters that were sent out to its clients. These letters were no more than a page long. The vast majority of the 426 letters (the “Policy Letters”) that the Organisation printed were letters reminding its clients to pay their insurance premium (“Premium Reminder Letters”). This batch of letters also included 6 letters (“Policy Cancellation Letters”) informing the relevant clients of the termination of their insurance policies with the Organisation, and 32 letters recording the relevant clients’ non-acceptance of the Organisation’s offer of… | Financial Penalty | bed61db05f60a9ee91df93b1594e6b3f45923cb9 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 192 | 192 | 1 | 952 | Directions were issued to Habitat for Humanity Singapore for breaches of the PDPA. The organisation did not make reasonable security arrangements to prevent unauthorised disclosure of its volunteers’ personal data, failed to put in place data protection policies, and omitted to communicate data protection policies and practices to its staff. | [
"Accountability",
"Protection",
"Directions",
"Social Service"
] |
2018-05-03 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Habitat_for_Humanity_Singapore_030518.pdf | Accountability, Protection | Breach of Openness and Protection Obligations by Habitat for Humanity Singapore | https://www.pdpc.gov.sg/all-commissions-decisions/2018/05/breach-of-openness-and-protection-obligations-by-habitat-for-humanity-singapore | 2018-05-03 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 9 Case No DP-1707-B0971 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Habitat for Humanity Singapore Ltd … Organisation DECISION Habitat for Humanity Singapore Ltd [2018] SGPDPC 9 Yeong Zee Kin, Deputy Commissioner — Case No DP-1707-B0971 3 May 2018 Background 1 On 20 July 2017, the Organisation sent out an email to 32 of its volunteers with a PDF attachment comprising a batch of community involvement programme (“CIP”) letters (the “CIP Letters”) acknowledging the participation of each volunteer at an event organised by the Organisation (the “Incident”). The Personal Data Protection Commission (the “PDPC”) was informed of the Incident on 22 July 2017 and commenced its investigations thereafter. I set out below my findings and grounds of decision based on the investigations carried out in this matter. Material Facts 2 The Organisation is a registered charity under the National Council of Social Services, which objectives include seeking to eliminate poverty housing worldwide by providing decent and affordable housing. In furtherance of its objectives, the Organisation organises community involvement programmes, where volunteers can participate in activities such as mass clean-up events. After such events, the Organisation would generally send out a CIP letter to acknowledge and verify each individual volunteer’s participation. Habitat for Humanity Singapore Ltd 3 [2018] SGPDPC 9 The Incident involved the disclosure of a batch of CIP Letters in an email (the “Email”) that was prepared by a manager (the “Manager”) in the Organisation. The CIP Letters were created using the mail merge function in Microsoft Word which would fill in a CIP letter template with the names and NRIC numbers of the volunteers. This created a single Microsoft Word document containing the CIP Letters for all the volunteers, which the Manager then converted from Microsoft Word to PDF format. The Manager then sent the PDF contai… | Directions | 2f49f6f980fa80609521241128a33eb6a528f5a9 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;