pdpc_decisions_version_detail (view)
1 row where "date" is on date 2020-10-16 and title = "Breach of the Protection Obligation by COURTS"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 89 | 89 | 1 | 952 | A financial penalty of $9,000 was imposed on COURTS for failing to put in place reasonable security arrangements to protect the personal data of its members from unauthorised disclosure on its website. Some members were able to gain access to personal data of another member via a link in an email sent by COURTS. | [
"Protection",
"Financial Penalty",
"Wholesale and Retail Trade",
"Inadequate scoping of testing",
"EDM",
"Incorrect Setting"
] |
2020-10-16 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---COURTS-Singapore---140820.pdf | Protection | Breach of the Protection Obligation by COURTS | https://www.pdpc.gov.sg/all-commissions-decisions/2020/10/breach-of-the-protection-obligation-by-courts | 2020-10-16 | PERSONAL DATA PROTECTION COMMISSION [2020] SGPDPC 17 Case No DP-1909-B4731 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And COURTS (Singapore) Pte Ltd. … Organisation DECISION COURTS (Singapore) Pte Ltd [2020] SGPDPC 17 Lew Chuen Hong, Commissioner — Case No DP-1909-B4731 14 August 2020 Introduction 1 On 6 September 2019, COURTS (Singapore) Pte Ltd (the “Organisation”) notified the Personal Data Protection Commission (the “Commission”) that an individual in its membership programme who had received an Electronic Direct Mail (“eDM”) from the Organisation, was able to access, without authentication, data in another individual’s account after clicking on a link (the “New eDM Link”) in the eDM (the “Incident”). Facts of the Case 2 The Organisation is a well-known consumer electronics and furniture retailer, with a number of stores in Singapore. Its membership programme, known as “homeclub by COURTS” (“Homeclub”) gives its members (“Members”) exclusive access to, among other things, events and discounts. The Organisation regularly sends eDMs to Members with links to specific products on the Organisation’s website (the “Website”). COURTS (Singapore) Pte Ltd 3 [2020] SGPDPC 17 The Organisation used a platform called Salesforce to create and send eDMs (the “Platform”) and the Website ran on the Magento system1 (the “System”), an e-commerce platform. The System generated a dynamic session identifier (“SID”) for each login to Homeclub on the Website. This SID would be used for all subsequent activities within the session. 4 On 31 August 2019, the Organisation sent an eDM to 76,844 Members (the “Affected Members”). This eDM, included for the first time, the New eDM Link, which was meant to direct Members to the Homeclub login page. The purpose of the New eDM Link was for Members to log in to their respective Homeclub accounts to update their membership identifier – Members were required to provide their mobile numbers to replace NRIC numbers that were previ… | Financial Penalty | 7b84d1c0b092675d5ee94570a80a3de93072541d | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;