pdpc_decisions_version_detail (view)
3 rows where "date" is on date 2019-07-04
This data as json, CSV (advanced)
Suggested facets: decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 148 | 148 | 1 | 952 | Directions, including a financial penalty of $5,000, were imposed on AgcDesign for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not have written policies and practices necessary to ensure its compliance with the PDPA. | [
"Accountability",
"Financial Penalty",
"Others",
"Interior design"
] |
2019-07-04 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--AgcDesign-Pte-Ltd--040719.pdf | Accountability | Breach of the Openness Obligation by AgcDesign | https://www.pdpc.gov.sg/all-commissions-decisions/2019/07/breach-of-the-openness-obligation-by-agcdesign | 2019-07-04 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 23 Case No DP-1805-B2072 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And AgcDesign Pte. Ltd. … Organisation DECISION AgcDesign Pte. Ltd. [2019] SGPDPC 23 Yeong Zee Kin, Deputy Commissioner – Case No DP-1805-B2072 4 July 2019 Background and Material Facts 1 AgcDesign Pte. Ltd. (the “Organisation”) provides interior designing services for commercial and residential properties. Between 5 and 9 May 2018, the Personal Data Protection Commission (the “Commission”) received complaints alleging that the Organisation had used the complainants’ names and residential addresses without the complainants’ consent to send them marketing mailers. In the course of investigations by the Commission, it was found that the Organisation had sent the mailers using information from a database of property-related information obtained from a third party. That database had been compiled from information on caveats lodged with the Singapore Land Authority, which was publicly available. 2 It also emerged in the course of investigations that the Organisation had not appointed any data protection officer (“DPO”) and it had not developed and put in place any data protection policies. Upon being notified of the complaints, the Organisation appointed a DPO and issued certain verbal instructions to its employees concerning the collection, use and disclosure of personal data. 1 AgcDesign Pte. Ltd. [2019] SGPDPC 23 Findings and Basis for Determination 3 Section 17 of the PDPA, read with the relevant provisions of the Second, Third and Fourth Schedules to the PDPA, permits organisations to collect, use and disclose personal data which is publicly available without the consent of the individuals concerned. The Commission therefore did not proceed further with its investigation into the Organisation’s use of personal data in this case and I am satisfied that it is unnecessary to do so. 4 In relation to the Organisation’s failu… | Financial Penalty | dbe45267b662cba27e20e9da8c6e449830e75c7f | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 149 | 149 | 1 | 952 | Directions, including a financial penalty of $20,000, were issued to Spize Concepts for breaches of the PDPA. Amongst the breaches, the organisation failed to appoint a data protection officer and did not make reasonable security arrangements to prevent the unauthorised disclosure of customers’ personal data. | [
"Protection",
"Accountability",
"Transfer Limitation",
"Financial Penalty",
"Accommodation and F&B"
] |
2019-07-04 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Spize-Concepts-Pte-Ltd---040719.pdf | Protection, Accountability, Transfer Limitation | Breach of the Protection, Openness and Transfer Limitation Obligations by Spize Concepts | https://www.pdpc.gov.sg/all-commissions-decisions/2019/07/breach-of-the-protection--openness-and-transfer-limitation-obligations-by-spize-concepts | 2019-07-04 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 22 Case No DP-1708-B1027 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Spize Concepts Pte Ltd …Organisation DECISION Spize Concepts Pte Ltd [2019] SGPDPC 22 Tan Kiat How, Commissioner – Case No DP-1708-B1027 4 July 2019 Background 1. This complaint concerns an incident involving the personal data of customers of Spize Concepts Pte Ltd (“Spize”). Spize operates a chain of food & beverage outlets in Singapore. Part of its offering involves allowing customers to place orders through its online portal, https://orders.spize.sg (“Site”). The orders placed online will then be delivered to the customer at the stipulated address. Material facts 2. On 12 August 2017, the Personal Data Protection Commission (“PDPC”) received a complaint from a member of the public regarding the Site. A link on the Site named “Call Center” (“Link”) had allowed members of the public to view 3 tabs: “Customer Ordering”, “Restaurants” and “Order Dashboard”. Under the “Order Dashboard” tab, approximately 148 customers’ personal data – specifically their names, contact numbers, email addresses and residential addresses (“personal data sets”) – were disclosed (“Incident”). The Incident was caused by a user logging onto the Managing Director’s administrator account to enable the Link to be publicly accessible on or around 9 February 2017. The Link was intended only for internal use and not accessible to the public. Re Spize Concepts Pte Ltd 3. [2019] SGPDPC 22 Spize engaged Novadine, Inc. (“Novadine”) to develop and host their Site and online ordering system in or around 2012. Personal data sets collected through the online ordering system were stored in databases within Novadine’s servers. Upon receiving news of the Incident on 14 August 2017, Spize requested Novadine to rectify the weakness in the Site. Novadine subsequently disabled the Link. The Link has not been publicly accessible since 16 August 2017. Findings and Basis … | Financial Penalty | d2a83fa4e562a8fb8618db0b9b1298c7bbad707f | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 150 | 150 | 1 | 952 | Directions were issued to SME Motor for failing to make reasonable security arrangements to prevent the unauthorised disclosure of individuals’ personal data. The lapses resulted in personal data of other customers being disclosed on the reverse side of an invoice document. | [
"Protection",
"Directions",
"Others",
"Auto Repair and servicing",
"Car"
] |
2019-07-04 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---SME-Motor-Pte-Ltd---040719.pdf | Protection | Breach of the Protection Obligation by SME Motor | https://www.pdpc.gov.sg/all-commissions-decisions/2019/07/breach-of-the-protection-obligation-by-sme-motor | 2019-07-04 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 21 Case No DP-1901-B3318 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And SME Motor Pte. Ltd. … Organisation DECISION 1 SME Motor Pte. Ltd. [2019] SGPDPC 21 Yeong Zee Kin, Deputy Commissioner — Case No DP-1901-B3318 4 July 2019 Background 1 On 31 January 2019, the Personal Data Protection Commission (the “Commission”) received a complaint from an individual (the “Complainant”) in relation to the disclosure of other individuals’ personal data that had been printed on the reverse side of an invoice issued to the Complainant by SME Motor Pte. Ltd. (the “Organisation”). Material Facts 2 The facts of this case and circumstances leading to the breach bear some resemblance to the cases of Re SLF Green Maid Agency [2018] SGPDPC 27 and Re Furnituremart.sg [2017] SGPDPC 7. 3 The Organisation is in the business of auto repair and servicing. In an effort to be environmentally friendly, the Organisation had a practice of re-using scrap or unwanted paper documents by printing other documents on the reverse side. 4 The Complainant met with a car accident and brought her vehicle to the Organisation’s workshop for repair. The Complainant subsequently discovered 1 [2019] SGPDPC 21 SME Motor Pte. Ltd. that the Organisation had printed her workshop repair invoice on a piece of paper that contained the personal data of two other individuals (the “Personal Data”) on the reverse side. On 31 January 2019, the Complainant lodged a complaint with the Commission in relation to the disclosure of the Personal Data. 5 The Personal Data disclosed to the Complainant included the following: (a) the first individual’s name, National Registration Identification Card (“NRIC”) number, and insurance policy number; and (b) the second individual’s name, insurance policy number, and claim number. Findings and Basis for Determination 6 The issue that arises in this case for determination is whether the Organisation had complied … | Directions | 8817cb0bc39f451aa5b8c5d679937e87fcd26cf9 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;