data: pdpc_decisions_version_detail: 3 rows where "date" is on date 2020-03-19

3 rows where "date" is on date 2020-03-19

descending

_commit_at	_commit_hash	_id	_item	_version	_commit	description	tags	date	pdf-url	nature	title	url	timestamp	pdf-content	decision	_item_full_hash	_changed_columns
2023-10-01T11:02:10+08:00	fbd32491db44d3d0c97aa12a99cefd61ec954264	103	103	1	952	A warning was issued to SSA Group International for failing to put in place reasonable security arrangements to prevent the unauthorised access of 53 individuals’ course registration information which were publicly available via its webpage.	[ "Protection", "Warning" ]	2020-03-19	https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/SSA-Group-International-Pte-Ltd---Summary-of-Decision---02032020.pdf	Protection	Breach of the Protection Obligation by SSA Group International	https://www.pdpc.gov.sg/all-commissions-decisions/2020/03/breach-of-the-protection-obligation-by-ssa-group-international	2020-03-19	PERSONAL DATA PROTECTION COMMISSION Case No. DP-1909-B4729 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And SSA Group International Pte Ltd SUMMARY OF THE DECISION 1. The Personal Data Protection Commission (the “Commission”) received a complaint on 6 September 2019 that individuals’ course registration information were publicly accessible via a webpage (the “Webpage”) maintained by SSA Group International Pte Ltd (the “Organisation”). The Webpage contained 53 individuals’ names. Other information disclosed via the Webpage included course titles, sponsorship type, information on how the registrant knew about the Organisation and date of transaction. 2. The Commission found that the Organisation did not adopt reasonable steps to protect personal data in its possession or control against risk of unauthorised access. First, there were no authentication mechanisms in place to limit access to the Webpage. As such, the Webpage was indexed by search engines and made publicly searchable online. Second, there were no formal instructions provided to the developer of the Webpage to protect the contents during its creation in April 2018. Finally, there were no security reviews, including vulnerability scanning, conducted for the Webpage by the Organisation since its creation. As such, the fact that the Webpage was freely accessible from the Internet went undetected for more than a year. 3. On the facts above, the Deputy Commissioner for Personal Data Protection found the Organisation in breach of section 24 of the Personal Data Protection Act 2012. 4. In deciding to issue a warning to the Organisation, the Deputy Commissioner also took into account the following considerations: a) The Organisation’s representation that the Webpage had not been easy to locate was incorrect. An online search of the names of the 53 affected individuals produced the Webpage’s URL. b) The remedial measures taken by the Organisation, the type of personal data at risk, the inadvertent natu…	Warning	4704e4fd9c80a645d09bbc78969a691237116a56	[ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ]
2023-10-01T11:02:10+08:00	fbd32491db44d3d0c97aa12a99cefd61ec954264	104	104	1	952	Both MCST 3593 and New-E Security failed to put in place reasonable security arrangements to prevent the unauthorised disclosure of CCTV footage of a common property at Marina Bay Residences. MCST3593 also failed to appoint a data protection officer and put in place policies and practices necessary for the organisation to comply with the PDPA.	[ "Protection", "Accountability", "Financial Penalty", "Directions" ]	2020-03-19	https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---MCST-3593-and-Others---02032020.pdf	Protection, Accountability	Breach of the Protection and Accountability Obligations by MCST 3593 and Breach of the Protection Obligation by New-E Security	https://www.pdpc.gov.sg/all-commissions-decisions/2020/03/breach-of-the-protection-and-accountability-obligations-by-mcst-3593-and-breach-of-the-protection-obligation-by-new-e-security	2020-03-19	PERSONAL DATA PROTECTION COMMISSION [2020] SGPDPC 6 Case No DP-1903-B3554 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Management Corporation Strata Title Plan No. 3593 (2) Edmund Tie & Company Property Management Services Pte Ltd (3) New-E Security Pte Ltd … Organisations DECISION 1 Management Corporation Strata Title Plan No. 3593 & Others [2020] SGPDPC 6 Yeong Zee Kin, Deputy Commissioner — Case No DP-1903-B3554 2 March 2020 Introduction 1 On 19 March 2019, Edmund Tie & Company Property Management Services Pte Ltd (“ETCPM”) on behalf of Management Corporation Strata Title Plan No. 3593 (“MCST 3593”) notified the Personal Data Protection Commission (the “Commission”) of unauthorised disclosure of closed-circuit television (“CCTV”) footage recorded at the premises of MCST 3593, known as Marina Bay Residences (the “Condominium”), by NewE Security Pte Ltd (“New-E”), a company providing security services at the Condominium, to an owner resident of a unit at the condominium (the “Incident”). Facts of the Case 2 MCST 3593 had appointed ETCPM as the managing agent of the Condominium since 2012. In November 2014, MCST 3593 had also engaged New-E to provide security services at the Condominium. ETCPM’s scope of work as managing agent included supervising New-E to ensure it carried out its duties properly. 3 On 1 February 2019, an owner resident of a unit at the Condominium (the “Resident”) approached the security supervisor on duty, who was an employee of New-E (the “Security Supervisor”), to request a copy of the CCTV footage of the Condominium’s lobby on 29 January 2019 between 9.00 pm to 9.30 pm (the “Requested CCTV Footage”). The Requested CCTV Footage had captured images of identifiable individuals who had passed through the common property during that period, and hence contained personal data of those individuals. The Security Supervisor proceeded to review the CCTV recordings and used his mobile phone to record a copy of the Requested CCTV Fo…	Financial Penalty, Directions	eeb49dfd4acb4b4db0e54f38d3c03d45e12085b1	[ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ]
2023-10-01T11:02:10+08:00	fbd32491db44d3d0c97aa12a99cefd61ec954264	105	105	1	952	Both MCST 4375 and A Best Security Management failed to put in place reasonable security arrangements to prevent the unauthorised disclosure of CCTV footage of an individual injured by a falling glass door at Alexandra Central Mall. MCST 4375 also failed to put in place policies and practices necessary for the organisation to comply with the PDPA.	[ "Protection", "Accountability", "Directions" ]	2020-03-19	https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/MCST-4375-and-Others---Decision---03022020.pdf	Protection, Accountability	Breach of the Protection and Accountability Obligations by MCST 4375 and Breach of the Protection Obligation by A Best Security Management	https://www.pdpc.gov.sg/all-commissions-decisions/2020/03/breach-of-the-protection-and-accountability-obligations-by-mcst-4375-and-breach-of-the-protection-obligation-by-a-best-security-management	2020-03-19	PERSONAL DATA PROTECTION COMMISSION [2020] SGPDPC 4 Case No. DP-1903-B3437 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Management Corporation Strata Title Plan No. 4375 (2) Smart Property Management (Singapore) Pte Ltd (3) A Best Security Management Pte Ltd … Organisations DECISION Management Corporation Strata Title Plan No. 4375 & Others [2020] SGPDPC 4 Yeong Zee Kin, Deputy Commissioner — Case No DP-1903-B3437 3 February 2020 Introduction 1 In late February 2019, a woman was injured when a glass door fell on her at the premises of Management Corporation Strata Title Plan No. 4375 (“MCST 4375”), also known as Alexandra Central Mall (the “Mall”). The Personal Data Protection Commission (the “Commission”) subsequently became aware that closed-circuit television (“CCTV”) footage showing the glass door falling on the woman was disclosed on the Internet (the “Incident”). Facts of the Case 2 At the time of the incident, MCST 4375 had appointed Smart Property Management (Singapore) Pte Ltd (“SPMS”) as its managing agent and A Best Security Management Pte Ltd (“ABSM”) to provide security services at the Mall. These appointments took effect from 1 July 2018 and 1 June 2018 respectively. SPMS’ scope of work as managing agent included supervising service providers such as ABSM to ensure it carried out its duties properly. 3 On 24 February 2019, the senior security supervisor from ABSM (the “SSS”) who was on duty at the Mall’s Fire Control Centre, saw a glass door fall on a woman at Level 4 of the Mall’s car park lift lobby (the “Accident”) through Management Corporation Strata Title Plan No. 4375 & Others [2020] SGPDPC 4 the CCTV monitors. The SSS immediately called for an ambulance and notified MCST 4375’s Property Officer and ABSM’s Operations Manager of the Accident. Shortly thereafter, MCST 4375’s Property Officer asked the SSS to send her a copy of CCTV footage of the Accident. In response to this request, the SSS replayed the portion of t…	Directions	c9534d20c08d9b7217ff8dd7e875c02139ab7e2a	[ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ]

Advanced export

JSON shape: default, array, newline-delimited

CREATE VIEW pdpc_decisions_version_detail AS select
  commits.commit_at as _commit_at,
  commits.hash as _commit_hash,
  pdpc_decisions_version.*,
  (
    select json_group_array(name) from columns
    where id in (
      select column from pdpc_decisions_changed
      where item_version = pdpc_decisions_version._id
    )
) as _changed_columns
from pdpc_decisions_version
  join commits on commits.id = pdpc_decisions_version._commit;

pdpc_decisions_version_detail (view)

3 rows where "date" is on date 2020-03-19

Advanced export