pdpc_decisions_version_detail (view)
4 rows where "date" is on date 2019-06-20
This data as json, CSV (advanced)
Suggested facets: nature, decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 151 | 151 | 1 | 952 | A financial penalty of $10,000 was imposed on AIA for failure to take reasonable security arrangements in its letter generation process. | [
"Protection",
"Financial Penalty",
"Finance and Insurance",
"Insurance"
] |
2019-06-20 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---AIA-Singapore-Pte-Ltd---200619.pdf | Protection | Breach of the Protection Obligation by AIA | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-the-protection-obligation-by-aia | 2019-06-20 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 20 Case No DP-1801-B1530 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And AIA Singapore Private Limited … Organisation DECISION AIA Singapore Private Limited [2019] SGPDPC 20 Tan Kiat How, Commissioner — Case No DP-1801-B1530 20 June 2019 Background 1 On 5 January 2018, the Organisation notified the Personal Data Protection Commission (the “Commission”) of the potential unauthorised disclosure (the “Incident”) of individuals’ personal data contained in 244 letters sent to two individuals due to an error with its letter generation system. In particular, 245 letters meant for various customers that the Organisation generated on 22 December 2017 and 27 December 2017 were sent to two customers as follows: (a) 179 letters were sent to the first customer (“Customer X”), of which 178 letters were received by him (with one having gone missing in transit); and (b) 66 letters were sent to, and received by, the second customer (“Customer Y”). Customer Y was the intended recipient of only one of these letters. 2 Following an investigation into the matter by the Commission, the Commissioner found the Organisation in breach of section 24 of Personal Data Protection Act 2012 (“PDPA”) for the reasons set out below. AIA Singapore Private Limited [2019] SGPDPC 20 Material Facts 3 The Incident arose from an error in the Organisation’s “Integral Life System” (the “System”) which was used to automatically generate certain types of letters to its customers. The error was introduced into the System as a result of the Organisation deploying a software fix (the “Fix”) on 21 December 2017 to rectify an earlier error (the “First System Error”). The First System Error resulted in the Organisation sending duplicate letters to customers who had provided the Organisation with only a foreign despatch address (ie they had not provided any local despatch address in Singapore). 4 Unfortunately, the Fix inadvertently intro… | Financial Penalty | d16b9d4902b7da4ff4474bdf5eb9393d29ad7f07 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 152 | 152 | 1 | 952 | A warning was issued to Xbot for failing to put in place data protection policies to comply with the provisions of the PDPA. | [
"Accountability",
"Warning",
"Real Estate",
"Property"
] |
2019-06-20 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--Xbot-Pte-Ltd---200619.pdf | Accountability | Breach of the Openness Obligation by Xbot | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-the-openness-obligation-by-xbot | 2019-06-20 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 19 Case No DP-1803-1781 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Xbot Pte. Ltd. … Organisation DECISION Xbot Pte. Ltd. [2019] SGPDPC 19 Yeong Zee Kin, Deputy Commissioner — Case No DP-1803-1781 20 June 2019 Introduction 1. On 2 March 2018, the Personal Data Protection Commission (the “Commission”) received a complaint that Xbot Pte. Ltd. (the “Organisation”) had disclosed the personal data of property owners through the Strata.sg mobile application without their consent. The Commission commenced an investigation in order to determine whether the Organisation had failed to comply with its obligations under the Personal Data Protection Act 2012 (the “PDPA”). Material Facts 2. The Organisation developed and operated the Strata.sg mobile application (the “App”) and an associated website, http://Strata.sg (the “Website”), which provided access to a database of residential property transactions (the “Database”). The Database included information on transactions involving both private residential properties (“Private Properties”) and Housing Development Board (“HDB”) properties (“HDB Properties”). This information was made available to users of the App and Website and included a partial address (block number, road and, for HDB Properties only, a storey range), area, type and price for the properties listed. In addition, the complete addresses of the Private Properties (including the specific unit number) was made available to premium subscribers of the App or Website who paid a fee for access to the information in the Database. 3. The Organisation also collected personal data from users of the Website and users of the App in order to grant them access to the Database. The Organisation had a data protection policy for the Website (which it referred to as a “Privacy Policy”) but that policy did not 1 Xbot Pte. Ltd. [2019] SGPDPC 19 mention or cover the personal data collected from users of the… | Warning | d2e2fb18265e0bede337a2a87e9f9ab6c61a81af | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 153 | 153 | 1 | 952 | Cigna Europe Insurance Company S.A.-N.V. was found not to be in breach of the PDPA in relation to allegation that it had failed to make reasonable security arrangements to prevent the unauthorised disclosure of the personal data of its policy members. | [
"Protection",
"Not in Breach",
"Finance and Insurance"
] |
2019-06-20 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Cigna-Singapore---200619.pdf | Protection | No Breach of Protection Obligation by Cigna Europe Insurance Company S.A.-N.V. | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/no-breach-of-protection-obligation-by-cigna-europe-insurance-company-s-a--n-v | 2019-06-20 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 18 Case No DP-1806-B2241 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Cigna Europe Insurance Company S.A.-N.V. … Organisation DECISION Cigna Europe Insurance Company S.A.-N.V. [2019] SGPDPC 18 Yeong Zee Kin, Deputy Commissioner — Case No DP-1806-B2241 20 June 2019 Background 1. Cigna Europe Insurance Company S.A.-N.V. is a company established in Belgium which offers health insurance solutions and coverage in Singapore through a registered branch office (the “Organisation”). On 1 June 2018, the Organisation notified the Personal Data Protection Commission (the “Commission”) of a data breach incident involving the inadvertent disclosure of certain personal data of individuals who had taken up health insurance coverage with the Organisation. The Commission commenced an investigation in order to determine whether the Organisation had failed to comply with its obligations under the Personal Data Protection Act 2012 (the “PDPA”). Material Facts 2. The Organisation provides health insurance coverage to employees of its clients and their families who decided to take up such coverage (“Members”). In order to provide this health insurance coverage, it collects, uses and processes personal data of the Members. 3. In 2012, the Organisation entered into a services agreement (the “Services Agreement”) with Cigna European Services (UK) Limited (“CES”) for the provision of various insurance-related services. CES is a related company of the Organisation within the Cigna group of companies (“Cigna Group”). The services provided by CES included the processing of insurance claims (among other services) and this involved activities such as generating and sending claim settlement letters and letters accompanying cheque payments to 1 Cigna Europe Insurance Company S.A.-N.V. [2019] SGPDPC 18 Members who had made an insurance claim. Such claims were processed through an information technology (“IT”) system whic… | Not in Breach | 82befc3c459545f252183917e41a70959f2f78cd | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 154 | 154 | 1 | 952 | A financial penalty of $6,000 was imposed on InfoCorp for failing to put in place reasonable security arrangements to protect the personal data of individuals. Personal data of some individuals participating in a registration exercise via InfoCorp’s website were disclosed to other participants in the course of the registration exercise. | [
"Protection",
"Financial Penalty",
"Finance and Insurance",
"Crypto-currency"
] |
2019-06-20 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---InfoCorp-Technologies-Pte-Ltd---200619.pdf | Protection | Breach of Protection Obligation by InfoCorp | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-protection-obligation-by-infocorp | 2019-06-20 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 17 Case No DP-1802-B1674 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And InfoCorp Technologies Pte. Ltd. … Organisation DECISION InfoCorp Technologies Pte. Ltd. [2019] SGPDPC 17 InfoCorp Technologies Pte. Ltd. Tan Kiat How, Commissioner — Case No DP-1802-B1674 20 June 2019 Background 1 The case concerns the unauthorised access and disclosure of personal data arising from a registration exercise for a crypto-currency initial coin offering (“ICO”). The Personal Data Protection Commission (“PDPC”) received six complaints on the matter on 5 February 2018. The Organisation also notified the PDPC of the matter on the same day. 2 Following an investigation into the matter, the Commissioner found the Organisation in breach of section 24 of Personal Data Protection Act 2012 (“PDPA”). The Commissioner’s findings and grounds of decision of the matter are set out below. Material Facts 3 The Organisation had conducted a crypto-currency ICO registration exercise via a website1 (“Website”) which it owned and managed at the material time. The registration exercise was scheduled to take place between 5 and 26 February 2018. 1 https://sentinel-chain.org/. InfoCorp Technologies Pte. Ltd. 4 [2019] SGPDPC 17 The registration process involved two main parts. (a) Individuals (“Participants”) were asked to input name, email address, date of birth, identification type and number, nationality, country of residence and residential address (“Personal Data Set”) on the registration page. (b) Participants also had to upload Know-Your-Customer (“KYC”) documents. A Uniform Resource Locator (“URL”) would be assigned to a Participant after he or she had uploaded the KYC documents and clicked “Save”. The KYC documents included the following: i. An identification document with a photograph of the Participant; ii. Documents showing proof of residence; and iii. A photograph of the Participant holding the identification … | Financial Penalty | 2b7e4b3d76547b65e3ffb56aa9d289d4a9afa901 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;