pdpc_decisions_version_detail (view)
4 rows where "date" is on date 2018-12-13
This data as json, CSV (advanced)
Suggested facets: decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 171 | 171 | 1 | 952 | A financial penalty of $30,000 was imposed on Funding Societies for failing to make reasonable security arrangements to prevent the unauthorised disclosure of the personal data of its members. | [
"Protection",
"Financial Penalty",
"Finance and Insurance",
"financing platform"
] |
2018-12-13 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Funding-Societies-Pte-Ltd---131218.pdf | Protection | Breach of Protection Obligation by Funding Societies | https://www.pdpc.gov.sg/all-commissions-decisions/2018/12/breach-of-protection-obligation-by-funding-societies | 2018-12-13 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 29 Case No DP-1708-B1035 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Funding Societies Pte. Ltd. … Organisation DECISION Funding Societies Pte. Ltd. [2018] SGPDPC 29 Tan Kiat How, Commissioner — Case No DP-1708-B1035 13 December 2018 BACKGROUND 1 On 14 August 2017, the Personal Data Protection Commission (the “Commission”) received an email notification from the Organisation. The Organisation is the operator of an online financing platform that connects borrowers and investors (the “Website”). Individuals who used the Website would have to register for an account, either as an “Investor” or a “Borrower” (collectively, “Members”). Each Member was given a unique identifier, which was generated sequentially (the “MemberID”). 2 In its email notification, the Organisation informed the Commission that one of its Members, [Redacted] (Replaced with “Mr J”), had emailed them on 25 July 2017 to inform that he had found a vulnerability with the Website. To illustrate this, Mr J showed the Organisation the personal details of two other Members that he had extracted from the Website (the “data breach”). The Organisation took immediate action to rectify the vulnerability and was able to do so by 26 July 2017. 3 After receipt of the email notification from the Organisation, the Commission proceeded to investigate into an alleged breach of the Personal Data Protection Act 2012 (“PDPA”). Funding Societies Pte. Ltd. [2018] SGPDPC 29 MATERIAL FACTS The Website’s vulnerability 4 On 19 June 2017, the Organisation rolled out new system components for the Website. This update gave rise to a vulnerability in the Website’s security system, the details of which are summarised below. 5 When a Member successfully logged into the Website using his username and password, his browser received an authentication token from the Website’s server.1 This token contained the user’s MemberID and granted the user access to the … | Financial Penalty | 1f9a6cd77117118c2993744cd45d390f6d952a0a | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 172 | 172 | 1 | 952 | A financial penalty of $6,000 was imposed on Institute of Singapore Chartered Accountants for failing to make reasonable security arrangements to prevent the unauthorised disclosure of the personal data of its members. | [
"Protection",
"Financial Penalty",
"Finance and Insurance"
] |
2018-12-13 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Institute-of-Singapore-Chartered-Accountants---131218.pdf | Protection | Breach of Protection Obligation by Institute of Singapore Chartered Accountants | https://www.pdpc.gov.sg/all-commissions-decisions/2018/12/breach-of-protection-obligation-by-institute-of-singapore-chartered-accountants | 2018-12-13 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 28 Case No DP-1711-B1367 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Institute of Singapore Chartered Accountants … Organisation DECISION Institute of Singapore Chartered Accountants [2018] SGPDPC 28 Tan Kiat How, Commissioner — Case No DP-1711-B1367 13 December 2018. Background 1 Technology has transformed the way we communicate. Today, we live in a world of tweets and texts, email and instant messaging. This case shows that when sending documents containing a significant volume of personal data by email, it is important for organisations to have in place reasonable security arrangements to protect these documents from unauthorised access by unintended recipients. 2 On 27 November 2017, the Personal Data Protection Commission (the “Commission”) received notification from the Institute of Singapore Chartered Accountants (“ISCA”) that one of its employees inadvertently sent an email attaching a Microsoft Excel document containing personal data of 1,906 individuals (the “Excel File”) to an unintended recipient (the “Incident”). 3 Following an investigation into the matter, the Commissioner found ISCA in breach of section 24 of Personal Data Protection Act 2012 (“PDPA”). Material Facts 4 Established in 1963, ISCA is the national professional body for accountants in Singapore with about 32,000 members. ISCA is the Institute of Singapore Chartered Accountants [2018] SGPDPC 28 Administrator of the Singapore Chartered Accountant Qualification and the designated body to confer the “Chartered Accountant of Singapore” designation. 5 On or about 23 November 2017, as part of business operations, 2 ISCA employees (the “First Employee” and the “Second Employee”, collectively the “Employees”) were unable to open the Excel File (stored on ISCA’s internal shared drive) as it appeared to be corrupted. The Employees sought the assistance of ISCA’s IT department. Arising from this, ISCA’s IT Support Specialist… | Financial Penalty | e2bbbd06e9b393bceb76c1214148a7dc8f472f96 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 173 | 173 | 1 | 952 | Directions were issued to SLF Green Maid Agency for failing to make reasonable security arrangements to prevent the unauthorised disclosure of individuals’ personal data. | [
"Protection",
"Directions",
"Others",
"domestic helper"
] |
2018-12-13 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Green-Maid-Agency---131218.pdf | Protection | Breach of Protection Obligation by SLF Green Maid Agency | https://www.pdpc.gov.sg/all-commissions-decisions/2018/12/breach-of-protection-obligation-by-slf-green-maid-agency | 2018-12-13 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 27 Case No DP-1806-B2265 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And SLF Green Maid Agency … Organisation DECISION SLF Green Maid Agency [2018] SGPDPC 27 SLF Green Maid Agency [2018] SGPDPC 27 Yeong Zee Kin, Deputy Commissioner — Case No DP-1806-B2265 13 December 2018 1 This case arose out of the common practice of reusing scrap or discarded paper where the reverse side of the paper can still be used. This is highly commendable and environmentally-friendly, but organisations must take care to ensure that there is no personal data on the scrap or discarded paper set aside for such re-use. An employee of SLF Green Maid Agency (the “Organisation”) wrote information for the Complainant on a piece of paper which contained personal data of other individuals on the reverse side and gave the paper to the Complainant. This happened on two separate occasions. The key issue is whether this disclosure of personal data by the Organisation amounts to a breach of section 24 of the Personal Data Protection Act 2012 (“PDPA”). Material Facts 2 On 8 April 2018, the Complainant visited the Organisation’s office to enquire about engaging a foreign domestic worker. An employee of the Organisation assisted her and over the course of these enquiries, the employee handed the Complainant some paper on which he wrote information related to her query. The Complainant discovered that the reverse side of the paper contained personal data of other individuals. The Complainant informed the employee that the paper that was used should not have been given to the Complainant. 3 On 24 April 2018, the Complainant returned to the Organisation’s office and was served by the same employee. Again, over the course of the queries, she was provided information hand written on used paper. Similarly, the reverse side of the paper contained personal data of other individuals. 4 Over the two occasions, the following personal data was disclos… | Directions | db40f6c2dd8921428c1fe911f5570123eecd69e8 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 174 | 174 | 1 | 952 | A financial penalty of $20,000 was imposed on WTS Automotive Services for failing to make reasonable security arrangements to prevent the unauthorised disclosure of its customers’ personal data. | [
"Protection",
"Financial Penalty",
"Others",
"vehicle repair and maintenance"
] |
2018-12-13 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---WTS-Automotive-Services-Pte-Ltd---131218.pdf | Protection | Breach of Protection Obligation by WTS Automotive Services | https://www.pdpc.gov.sg/all-commissions-decisions/2018/12/breach-of-protection-obligation-by-wts-automotive-services | 2018-12-13 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 26 Case No DP-1706-B0834 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And WTS Automotive Services Pte. Ltd. … Organisation ________________________________________________________ GROUNDS OF DECISION ________________________________________________________ WTS Automotive Services Pte. Ltd. [2018] SGPDPC 26 Tan Kiat How, Commissioner – Case No DP-1706-B0834 13 December 2018 Background 1 This matter involves WTS Automotive Services Pte. Ltd. (the “Organisation”), a company which provides vehicle repair and maintenance services at Kaki Bukit and Gul Circle in Singapore. On 9 June 2017, a complaint was lodged by a member of the public (“Complainant”) with the Personal Data Protection Commission (“Commission”), alleging that a URL link to the Organisation’s customer database, which contained the personal data of the Organisation’s customers, was publicly accessible over the Internet (the “Incident”). The Commissioner sets out below his findings and grounds of decision based on the investigations carried out in this matter. Material Facts 2 The Complainant had been searching for a company address via Google’s search engine, when he chanced upon the URL link to the Organisation’s Kaki Bukit customer database, which contained the personal data of 2,472 of its Kaki Bukit customers. The personal data that was disclosed included the names, NRIC and FIN numbers, residential addresses, contact numbers, email addresses and car plate registration numbers of the Organisation’s Kaki Bukit customers. The Complainant proceeded to lodge a complaint with the Commission on 9 June 2017. Upon receiving the complaint, the Commission commenced an investigation into this matter. 3 During the course of the investigation, the Organisation represented that it had implemented a Backend Electronic Job Card System (“Backend System”) which ran as a web WTS Automotive Services Pte. Ltd. [2018] SGPDPC 26 application over t… | Financial Penalty | 307dccae9f3fe07fcf0b183cff56b8e28dc80153 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;