pdpc_decisions_version_detail (view)
3 rows where "date" is on date 2019-09-06
This data as json, CSV (advanced)
Suggested facets: decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 140 | 140 | 1 | 952 | Directions, including a financial penalty of $10,000, were imposed on O2 Advertising for breaches of the PDPA. The organisation failed to put in place reasonable measures to protect individuals’ personal data collected from an advertising campaign and did not cease retention of such data when it was no longer required. The organisation was also directed to appoint a data protection officer and put in place data protection policies and practices. | [
"Protection",
"Retention Limitation",
"Accountability",
"Financial Penalty",
"Information and Communications"
] |
2019-09-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---O2-Advertising-Pte-Ltd---280819.pdf | Protection, Retention Limitation, Accountability | Breach of the Protection, Retention and Accountability Obligations by O2 Advertising | https://www.pdpc.gov.sg/all-commissions-decisions/2019/09/breach-of-the-protection--retention-and-accountability-obligations-by-o2-advertising | 2019-09-06 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 32 Case No DP-1807-B2376 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And O2 Advertising Pte. Ltd. … Organisation DECISION O2 Advertising Pte. Ltd. [2019] SGPDPC 32 Tan Kiat How, Commissioner — Case No DP-1807-B2376 28 August 2019 Background 1 An individual found certain of his personal data accessible over the Internet without his consent. In particular, the individual found that when he conducted a search on Google using his name and National Registration Identification Card (“NRIC”) number, the search results included a URL link (the “URL Link”) to a database maintained by O2 Advertising Pte. Ltd. (the “Organisation”). The database contained the personal data of numerous individuals including the individual’s (the “Affected Individuals”). On 10 July 2018, the individual lodged a complaint with the Personal Data Protection Commission (“Commission”) over the incident. Material Facts 2 The Organisation provides advertising and marketing services in Singapore. In 2015, the Organisation collected the Affected Individuals’ personal data during an advertising campaign conducted on behalf of one of its clients. The Organisation stored the collected personal data in two databases. 1 O2 Advertising Pte. Ltd. 3 [2019] SGPDPC 32 The incident resulted in the following types of personal data of the Affected Individuals being either exposed to unauthorised access or at risk of unauthorised access (the “Disclosed Data”) depending on which database the Disclosed Data was stored in: 4 (a) Name; (b) NRIC number; (c) email address; (d) residential address; (e) gender; (f) date of birth; (g) mobile number; (h) age; and (i) skin type. The Disclosed Data of 403 Affected Individuals was stored in one database (“Database A”) and exposed to unauthorised access through the URL Link found by the complainant. The Disclosed Data of 1,165 Affected Individuals was stored in another database (“Database… | Financial Penalty | cedca1dbf798a0941276a2ed505c2ae8e14eda86 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 141 | 141 | 1 | 952 | A financial penalty of $5,000 was imposed on Executive Link Services for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not have written policies and practices necessary to ensure its compliance with the PDPA. | [
"Accountability",
"Financial Penalty",
"Employment"
] |
2019-09-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Executive-Link-20082019.pdf | Accountability | Breach of the Accountability Obligation by Executive Link Services | https://www.pdpc.gov.sg/all-commissions-decisions/2019/09/breach-of-the-accountability-obligation-by-executive-link-services | 2019-09-06 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 30 Case No DP-1806-B2237 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Executive Link Services Pte. Ltd. …Organisation(s) DECISION Executive Link Services Pte. Ltd. [2019] SGPDPC 30 Mr Yeong Zee Kin, Deputy Commissioner – Case No DP-1806-B2237 23 August 2019 Background 1. On 11 June 2018, Executive Link Services Pte. Ltd. (the “Organisation”) reported a data breach to the Personal Data Protection Commission (the “Commission”) concerning the unintended disclosure of personal data of individuals that were stored on the Organisation’s server (“Incident”). The Commission investigated the Incident and determined that the Organisation had breached its obligations under the Personal Data Protection Act 2012 (“PDPA”). Material facts 2. The Organisation is an employment agency. Sometime before 8 June 2018, one of the Organisation’s clients engaged a cybersecurity company to scan the Internet for information relating to the client. During this scan, the cybersecurity company was able to gain access and retrieve copies of draft contracts of job candidates from the Organisation’s server. The Organisation was alerted on 8 June 2018. In total, resumes of 367 individuals (the “Affected Individuals”) and around 150 draft contracts relating to some of those individuals, together with the personal data therein (the “Compromised Personal Data”), were exposed to unauthorised disclosure in this manner. 3. The Compromised Personal Data included the following: Re Executive Link Services Pte Ltd (a) [2019] SGPDPC 30 the individual’s name, address, contact number, email address(es), education level, salary expectation and employment history (in relation to the resumes); and (b) the individual’s name, address and salary information (in relation to the draft contracts). Events leading to the Incident 4. The Organisation had implemented remote access for staff to access internal files stored on its data storage se… | Financial Penalty | 738ff8a1f74b23bb71dfc2235015dbfcd02e2751 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 142 | 142 | 1 | 952 | A warning was issued to Friends Provident International for failing to protect the personal data of its policyholders from unauthorised disclosure via its online portal. | [
"Protection",
"Warning",
"Finance and Insurance"
] |
2019-09-06 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Ground-of-Decision---Friends-Provident---300719.pdf | Protection | Breach of the Protection Obligation by Friends Provident International | https://www.pdpc.gov.sg/all-commissions-decisions/2019/09/breach-of-the-protection-obligation-by-friends-provident-international | 2019-09-06 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 29 Case No DP-1805-B2112 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Friends Provident International Limited … Organisation DECISION Friends Provident International Limited Yeong Zee Kin, Deputy Commissioner – Case No. DP-1805-B2112 30 July 2019 Facts of this Case 1 Friends Provident International Limited is a company established in the Isle of Man which provides life assurance services in Singapore through a registered branch office (the “Organisation”). In the course of providing these services, it operates and maintains an online portal (the “Portal”) through which its policyholders can request for changes to their particulars, for example, contact details. On 10 May 2018, the Organisation notified the Personal Data Protection Commission (the “Commission”) of a data breach incident involving the disclosure of certain personal data of policyholders obtained from the Portal. The circumstances leading to the incident were as follows. 2 The Organisation’s policyholders and certain other authorised personnel could access the Portal via a “Secured Mailbox” webpage on the Organisation’s website (the “Secured Mailbox Webpage”). Policyholders could, as noted above, submit certain requests via the Portal and the Organisation’s authorised personnel accessed the Portal in order to process these requests. For this purpose, the Organisation’s authorised personnel could generate reports containing the data of policyholders who had made a request (“Reports”). These Reports were stored in the Portal and could be obtained thereafter by the Organisation’s authorised personnel. 1 3 The ability to generate and obtain Reports from the Portal was intended to be restricted to the Organisation’s authorised personnel. To achieve this, when a user logged in to the Secured Mailbox Webpage, the system would determine whether the user was one of the Organisation’s authorised personnel or a policyholder. If the user… | Warning | 6578b3c9e72080e89fbcce5011a711485b15a443 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;