pdpc_decisions_version_detail (view)
4 rows where "date" is on date 2019-06-06
_commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 159 | 159 | 1 | 952 | Telcos were not found in breach of the PDPA for charging subscribers for the provision of Caller Number Non-Display value added services. | [ "Consent", "Not in Breach", "Information and Communications", "Singtel", "Starhub", "M1" ] | 2019-06-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---3-Telcos---06062019.pdf | Consent | No Breach of the Withdrawal of Consent Obligation by Telcos | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/no-breach-of-the-withdrawal-of-consent-obligation-by-telcos | 2019-06-06 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 12 Case No DP-1609-B0229 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And 1. Starhub Mobile Pte Ltd 2. M1 Limited 3. Singtel Mobile Singapore Pte. Ltd. … Organisations DECISION Data protection – Consent obligation – Withdrawal of consent Starhub Mobile Pte Ltd, M1 Limited and Singtel Mobile Singapore Pte. Ltd. [2019] SGPDPC 12 Yeong Zee Kin, Deputy Commissioner — Case No DP-1609-B0229 6 June 2019. Background 1 The present matter arose from a complaint made by an individual mobile subscriber (“Complainant”), in relation to the current industry practice of mobile network operators charging for the provision of Caller Number Non-Display (“CNND”) services. The CNND service is offered on a per-line basis affecting all out-going calls made using a particular telephone number. When activated by a subscriber, the CNND service essentially prevents the subscriber’s telephone number from being displayed on call recipients’ devices. 2 The Organisations are the three mobile network operators in Singapore. They offer a range of telecommunication services to subscribers, in particular, mobile telephony services. They also offer CNND as an optional value-added service to their subscribers. All the Organisations share a common practice of charging subscribers for the provision of CNND services, although the precise charges differ from Organisation to Organisation. 3 The key question which has to be determined in this case is whether section 16 of the Personal Data Protection Act 2012 (“PDPA”) prohibits organisations from imposing charges for the provision of CNND services. The findings and grounds of decision based on the Commission’s investigation are set out below. Material Facts 4 The Complainant is an individual subscriber of StarHub Mobile Pte Ltd (“StarHub”)’s mobile services. He had written to StarHub to request the withdrawal of his consent to the disclos… | Not in Breach | d14207cb5ac452bf33a3e97f370a686be33c72ca | [ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ] |
2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 160 | 160 | 1 | 952 | A financial penalty of $30,000 was imposed on Ncode Consultant for failing to put in place reasonable security arrangements to prevent unauthorised access and modification to an IT system provided to a school. The failure resulted in unauthorised access and modification of students’ personal data. | [ "Protection", "Financial Penalty", "Education", "School", "MOE" ] | 2019-06-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Ncode-Consultant---060619.pdf | Protection | Breach of Protection Obligation by Ncode Consultant | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-protection-obligation-by-ncode-consultant | 2019-06-06 | Ncode Consultant Pte Ltd [2019] SGPDPC 11 PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 11 Case No DP-1712-B1471 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Ncode Consultant Pte Ltd … Organisation DECISION Ncode Consultant Pte Ltd [2019] SGPDPC 11 Ncode Consultant Pte Ltd Tan Kiat How, Commissioner — Case No DP-1712-B1471 6 June 2019 Background 1 This is a case of 6 students using teachers’ login credentials to access Victoria School’s NTRIX School Management system (“NTRIX”). The students were able to obtain the login credentials of teachers by exploiting a SQL vulnerability found in NTRIX (the “Incident”). Ncode Consultant Pte Ltd (“Ncode”) supplied NTRIX to various schools, including Victoria School. Victoria School is a school organised and conducted directly by the Ministry of Education (“MOE”). 2 On 5 December 2017, the Government Technology Agency of Singapore on behalf of MOE reported to the Personal Data Protection Commission (the “Commission”) that the NTRIX system for Victoria School suffered a total of 84 unauthorised logins (the “Unauthorised Logins”) between 3 August to 17 October 2017. 3 Following an investigation into the matter, the Commissioner found Ncode in breach of section 24 of Personal Data Protection Act 2012 (“PDPA”). Material Facts 4 Ncode is a school administrative system developer, and has been working with schools since 1994. NTRIX is a web application/portal managed by Ncode. There were 3 levels of users (i) student/parent; (ii) teaching/non-teaching employees; and (iii) administrator. By logging in with their respective passwords, teachers could enter examination scores and comments. Students and parents could also login to view results. 5 At the time of the Incident and Unauthorised Logins, there were 2792 records of students’ personal data stored as part of Victoria School’s instance of NTRIX. In each record, the students’ personal data may include all or s… | Financial Penalty | cd0fda368ff2ddf7bd4e60f1e5481232e55c0544 | [ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ] |
2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 161 | 161 | 1 | 952 | A financial penalty of $4,000 was imposed on Option Gift for failure to conduct sufficient testing before deployment of a programme script which resulted in an unauthorised disclosure of up to 426 individuals’ personal data. | [ "Protection", "Financial Penalty", "Others", "Online Portal" ] | 2019-06-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Option-Gift-Pte-Ltd---060619.pdf | Protection | Breach of the Protection Obligation by Option Gift | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-the-protection-obligation-by-option-gift | 2019-06-06 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 10 Case No DP-1806-B2242, DP-1806-B2243 and DP-1806-B2244 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Option Gift Pte Ltd … Organisation DECISION Option Gift Pte Ltd [2019] SGPDPC 10 Tan Kiat How, Commissioner — Case No DP-1806-B2242, DP-1806-B2243 and DP-1806-B2244 6 June 2019 Background 1 On 12 June 2018, the Personal Data Protection Commission (the “Commission”) was notified by the Organisation of the unintended disclosure of up to 426 individuals’ personal data due to a coding error in its system. The Commission subsequently received complaints from 2 of the affected individuals on 12 and 13 June 2018 respectively. 2 Following an investigation into the matter, the Commissioner found the Organisation in breach of section 24 of Personal Data Protection Act 2012 (“PDPA”) and sets out below his findings and grounds of decision based on the investigations carried out in this matter. Material Facts The Portal 3 The Organisation maintains Uniqrewards (the “Portal”), an online portal through which national servicemen (“NSmen”) may redeem credits and gifts given by the Ministry of Defence (“MINDEF”) and the Ministry of Home Affairs (“MHA”) in recognition of their good performance during in-camp training or courses, or to celebrate certain events, such as the birth of a child. An NSman may log into the Portal and submit his redemption request, following which he would instantly receive a confirmation email that his order(s) are being processed (“Confirmation Emails”). Besides the NSman concerned, the customer service team of the Organisation would also receive a copy of the Confirmation Email by way of blind carbon copy. 4 These Confirmation Emails are generally sent via a service account linked to the Portal. The service account is hosted by an external vendor which has a password expiry policy of 180 days. While the employee concerned had previously reset… | Financial Penalty | 08f497403f3bd5aebb619dd326e88dc095e681c8 | [ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ] |
2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 162 | 162 | 1 | 952 | A warning was issued to H3 Leasing for disclosing personal data online without the consent of the individual concerned. | [ "Consent", "Warning", "Transport and Storage", "Vehicle rental" ] | 2019-06-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---H3-Leasing---06062019.pdf | Consent | Breach of the Consent Obligation by H3 Leasing | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-the-consent-obligation-by-h3-leasing | 2019-06-06 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 9 Case No DP-1803-B1859 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And H3 Leasing … Organisation DECISION H3 Leasing [2019] SGPDPC 9 Yeong Zee Kin, Deputy Commissioner — Case No DP-1803-B1859 6 June 2019 Background 1. The complaint concerns the disclosure of personal data without consent by H3 Leasing (the “Organisation”). The Organisation is in the business of rental of motor vehicles in Singapore. 2. The Complainant was a member of the public who had come across a post on social media by the Organisation disclosing scanned images of the NRIC of another individual (“Affected Individual”). The personal data disclosed by virtue of this comprised the full name, residential address, date of birth, NRIC number, NRIC photo and the thumbprint image of the Affected Individual (the “Personal Data Set”). On 8 March 2018, the Complainant filed a complaint with the Personal Data Protection Commission (the “Commission”) in relation to the disclosure of the Personal Data Set by the Organisation. 3. The key issue raised by the Complaint is whether the Organisation had the consent required under section 13 of the Personal Data Protection Act 2012 (the “PDPA”) to disclose the Personal Data Set of the Affected Individual in the manner and for the purposes which they did. 4. Following an investigation into the matter by the Personal Data Protection Commission, I found the Organisation in breach of section 13 of the PDPA. Material Facts 5. On 15 December 2017, the Affected Individual rented a motor vehicle from the Organisation. He voluntarily provided a copy of his NRIC and entered into an agreement with the Organisation for that purpose. 6. Subsequently, the Affected Individual went into rental arrears and ceased contact with the Organisation. The Organisation was unable to locate him or the motor vehicle and made a police report concerning the… | Warning | 975a9880e3865b938caf22061b31d292c5d3e479 | [ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ] |
CREATE VIEW pdpc_decisions_version_detail AS
select
  commits.commit_at as _commit_at,
  commits.hash as _commit_hash,
  pdpc_decisions_version.*,
  (
    select json_group_array(name)
    from columns
    where id in (
      select column
      from pdpc_decisions_changed
      where item_version = pdpc_decisions_version._id
    )
  ) as _changed_columns
from pdpc_decisions_version
  join commits on commits.id = pdpc_decisions_version._commit;