pdpc_decisions_version_detail (view)
7 rows where nature = "Consent, Notification"
This data as json, CSV (advanced)
Suggested facets: decision, _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 29 | 29 | 1 | 952 | Ngian Wen Hao Dennis, Chua Puay Hwa Melissa and Winarto were found in breach of the PDPA and issued warnings in relation to two incidents involving the unauthorised collection and disclosure of individuals’ personal data in 2019 and 2020. | [
"Consent",
"Notification",
"Warning",
"Finance and Insurance"
] |
2022-06-16 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---Dennis-Ngian--Others---08032022.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by three insurance financial advisers | https://www.pdpc.gov.sg/all-commissions-decisions/2022/06/breach-of-the-consent-and-notification-obligations-by-three-insurance-financial-advisers | 2022-06-16 | PERSONAL DATA PROTECTION COMMISSION Case No. DP-2109-B8857 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Ngian Wen Hao Dennis (2) Chan Puay Hwa Melissa (3) Winarto (4) Aviva Financial Advisers Pte Ltd SUMMARY OF THE DECISION 1. On 7 September 2021, the Personal Data Protection Commission (the “Commission”) was notified of two incidents involving unauthorised disclosure and collection of personal data by three individuals. 2. Ngian Wen Hao Dennis (“Dennis”) was an Aviva Financial Advisers Pte Ltd (“AFA”) representative between December 2017 and February 2019. In March 2019 and August 2020, Dennis approached two insurance financial advisers, Chua Puay Hwa Melissa (“Melissa”) and Winarto, to offer them a list of client leads, stating that he was leaving the insurance industry and looking for a reliable agent 1 to take over his clientele. Melissa and Winarto each said they paid $1,000 to Dennis for the list (the “Incidents”). 3. The list contained approximately 1,000 clients’ names, mailing addresses, contact numbers and the names of organisations underwriting the hospitalisation plans bought by the clients (“Personal Data Sets”). 4. The PDPA defines “organisations” to include individuals. As held in Re Sharon Assya Qadriyah Tang1, individuals who collect, use or disclose personal data otherwise than in a personal or domestic capacity will be treated as organisations within the meaning of the Act, and are obliged to comply with the Data Protection Provisions. In this case, we are of the view that it is clear that Dennis, Melissa and Winarto can be regarded as an “organisation” as defined under the PDPA for a number of reasons. First, the trio had bought and sold the client leads for work and business purposes, with the aim of generating an income or profit, and cannot be said to have been acting in a personal or domestic capacity. 5. Second, Dennis, Melissa and Winarto were not employees. In Re Ang Rui Song2, the Commission found that the respondent, … | Warning | 11afc51e552a655c8c243aa724648b2011a2eb25 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 139 | 139 | 1 | 952 | Amicus Solutions and a financial consultant were issued directions, including to pay financial penalties of $48,000 and $10,000 respectively, for breaches of the PDPA. Amicus Solutions failed to notify and obtain consent for the disclosure of individuals’ personal data that it sold to the financial consultant who used such personal data for telemarketing purposes. | [
"Consent",
"Notification",
"Financial Penalty",
"Admin and Support Services",
"Finance and Insurance"
] |
2019-10-10 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--Amicus-Solutions-Pte-Ltd---Another.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by Amicus Solutions and a Financial Consultant | https://www.pdpc.gov.sg/all-commissions-decisions/2019/10/breach-of-the-consent-and-notification-obligations-by-amicus-solutions-and-a-financial-consultant | 2019-10-10 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC [33] Case No DP-1610-B0290 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Amicus Solutions Pte. Ltd. (UEN No. 201534661R) (2) Ivan Chua Lye Kiat … Organisations DECISION Amicus Solutions Pte. Ltd. & Anor. [2019] SGPDPC 33 Amicus Solutions Pte. Ltd. & Anor. [2019] SGPDPC 33 Tan Kiat How, Commissioner — Case No DP-1610-B0290 30 August 2019 1 The Personal Data Protection Commission (the “Commission”) received a complaint regarding the unauthorised collection and use of personal data to market financial products. Investigations were commenced into the alleged unauthorised sale and disclosure of personal data by a data broker and the unauthorised collection and use of the personal data for telemarketing purposes. Upon conclusion of investigations and consideration of the totality of evidence, the Commissioner found Amicus Solutions Pte. Ltd. (“Amicus”) and Mr Ivan Chua Lye Kiat (“Mr Chua”) to be in breach of the Personal Data Protection Act 2012 (“PDPA”) for the reasons set out in these grounds. Material Facts 2 An independent life insurance brokerage company (the “Insurance Brokerage”) appointed Mr Chua as a financial adviser director to provide financial advisory services and to market financial products distributed by the Insurance Brokerage to prospective clients in accordance with the terms set out in a Financial Adviser Representative Agreement. He oversees a team of financial adviser representatives. Their main products are Eldershield related insurance policies targeted at individuals over 40 years old. 2 Amicus Solutions Pte. Ltd. & Anor. 3 [2019] SGPDPC 33 It is undisputed that Mr Chua and the financial adviser representatives in his team are not employees of the Insurance Brokerage but independent agents. As independent agents, they receive a commission for each sale but are not in an employer-employee relationship with the Insurance Brokerage nor are they entitled to any employe… | Financial Penalty | f9c77b604588fd22b9623d2884cfc03d6a7dbbb3 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 158 | 158 | 1 | 952 | A warning was issued to Skinny’s Lounge for failing to ensure that consent was obtained from its patrons to re-play recorded CCTV footage on a screen in its public lounge. Skinny’s Lounge also failed to provide due notification to its patrons on the full purposes of the CCTV footage recorded at its premises. | [
"Consent",
"Notification",
"Warning",
"Arts, Entertainment and Recreation",
"KTV",
"Karaoke"
] |
2019-06-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Skinnys-Lounge---110619.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by Skinny's Lounge | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-the-consent-and-notification-obligations-by-skinny-s-lounge | 2019-06-11 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 13 Case No DP-1806-B2267 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Skinny’s Lounge … Organisation DECISION Skinny’s Lounge [2019] SGPDPC 13 Skinny’s Lounge Yeong Zee Kin, Deputy Commissioner — Case No DP-1806-B2267 11 June 2019 Background 1 The Organisation is a Karaoke Television (“KTV”) bar located in Boat Quay. The central issue in this case is whether the Organisation had valid consent from its patrons to disclose their images recorded on closed-circuit camera footage (“CCTV Footage”). The disclosure was on a screen in a publicly accessible area of its premises. 2 Following an investigation into the matter, I found the Organisation in breach of section 13(a) read with section 18 and with section 20(1) of the Personal Data Protection Act (“PDPA”). Material Facts 3 The Organisation had one KTV Room on its premise. The KTV Room had a sign beside the TV screen which read “Smile you are being recorded”. Patrons using the KTV Room were then recorded on CCTV Footage streamed “live” onto a screen in the Organisation’s public lounge (“Public Screen”) for general viewing. 4 On or before 19 June 2018, the Complainant and her friends used the KTV Room and their images were live-streamed onto the Public Screen. After the Complainant and her friends left, the CCTV in the KTV Room malfunctioned. With the live streaming disrupted, the Organisation played on the Public Screen randomly selected recorded CCTV Footage. This included CCTV Footage of the Complainant and her friends which was replayed on the Public Screen for “a day or two”. After the Complainant found out about the replaying of the CCTV Footage, she lodged a complaint with the Personal Data Protection Commission (“PDPC”) on 19 June 2018. 2 Skinny’s Lounge [2019] SGPDPC 13 Findings and Basis for Determination 5 The provisions relevant to this case are as follows: (a) Section 13(a) of the PDPA states that organisations are prohibited fro… | Warning | ee7c19d8e4e94c3b494bfbe6567abae917e4cd07 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 199 | 199 | 1 | 952 | A financial penalty of $6,000 was imposed on an individual for selling a database containing personal data, without notifying the individuals involved. | [
"Consent",
"Notification",
"Financial Penalty",
"Wholesale and Retail Trade"
] |
2018-01-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/GroundsofDecisionSharonAssyaQadriyahTang110118.pdf | Consent, Notification | Breach of the Consent and Notification Obligations by an Individual Selling Personal Data | https://www.pdpc.gov.sg/all-commissions-decisions/2018/01/breach-of-the-consent-and-notification-obligations-by-an-individual-selling-personal-data | 2018-01-11 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 1 Case No DP-1701-B0485 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Sharon Assya Qadriyah Tang … Organisation DECISION Sharon Assya Qadriyah Tang [2018] SGPDPC 1 Tan Kiat How, Commissioner — Case No DP-1701-B0485 11 January 2018 Background 1 This is the first reported case of an individual (the “Respondent”) who was involved in the unauthorised selling of personal data. The facts disclose a straightforward breach of the Personal Data Protection Act 2012 (“PDPA”), and the Respondent does not deny committing the infringing acts. The Commissioner has accordingly found the Respondent in breach of sections 13 and 20 of the PDPA. 2 The Commissioner’s findings and grounds of decision are set out below. Material Facts 3 The Respondent was employed as a telemarketer from 2004 to 2014. Sometime in 2012, the Respondent started purchasing ‘leads’ to expand the reach of her marketing in order to hit her sales targets. These ‘leads’ typically comprised an individual’s name, NRIC number, mobile number and annual income range. A lead would typically cost between $0.20 and $0.30. 4 The Respondent bought the leads from unknown online sellers and did not retain the details of these transactions. Also, the Respondent did not check Sharon Assya Qadriyah Tang [2018] SGPDPC 1 or verify with the sellers that the leads she purchased were obtained legitimately with the individuals’ consent. 5 On average, the Respondent would buy approximately 10,000 leads per year. According to the Respondent, her first purchase of leads was sometime in late 2012 and her last purchase was sometime in either May or June 2014. At the material time, the Respondent had in her possession approximately 30,990 leads. The leads were stored in Microsoft Excel spreadsheets. 6 From late 2012 up until 23 February 2017, the Respondent estimated that she had re-sold the leads she had bought about 9 to 10 times, typically charging customers … | Financial Penalty | 7c97ac65ddddd62ae8a119b6caa4338a79492ebb | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 211 | 211 | 1 | 952 | A joint decision was issued for three separate cases involving Management Corporation Strata Title and managing agents of condominiums. The parties were found not to be in breach for disclosing names of unit holders, unit numbers and voting shares of subsidiary proprietors via minutes and voters lists. | [
"Consent",
"Notification",
"Not in Breach",
"Real Estate"
] |
2017-06-12 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---3-mcst-ma---120617.pdf | Consent, Notification | No Breach of Consent and Notification Obligations by MCST and Managing Agents of Condominiums | https://www.pdpc.gov.sg/all-commissions-decisions/2017/06/no-breach-of-consent-and-notification-obligations-by-mcst-and-managing-agents-of-condominiums | 2017-06-12 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1607-B0117 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Exceltec Property Management Pte Ltd (2) Management Corporation Strata Title Plan No 2956 (3) Strata Land Property Consultants Pte Ltd ... Organisations Decision Citation: [2017] SGPDPC 8 GROUNDS OF DECISION 12 June 2017 A. BACKGROUND 1. This decision arises from three separate cases involving Management Corporation Strata Title (“MCSTs”) and managing agents (collectively, the “Organisations”) of condominiums posting documents containing the personal data of subsidiary proprietors (hereinafter will be referred to as “residents”) on notice boards. The nature of the complaints was that the disclosures made of these personal data was an infringement of the Personal Data Protection Act 2012 (“PDPA”). 2. The Personal Data Protection Commission (the “Commission”) commenced investigations into the matter, and provides its decision below. 3. Although the three cases involve different residents and managing agents of condominiums, the facts of the three cases are substantially similar and the legal issues involved are identical. Therefore, this consolidated decision is issued for the three cases. 1 B. MATERIAL FACTS AND DOCUMENTS 4. Between 29 June and 27 July 2016, the Commission received complaints from several residents of three condominiums (namely, (1) Prive, (2) The Mornington, and (3) Seletaris) against the condominiums’ respective MCST or managing agents, namely, (1) Exceltec Property Management Pte Ltd (“Exceltec”), (2) Management Corporation Strata Title Plan No 2956 (“MCST 2956”), and (3) Strata Land Property Consultants Pte Ltd (“Strata Land”) respectively: 5. a. In the first case, three residents (“1st Complainants”), complained that Exceltec had posted copies of the voter list containing the names, unit numbers, and voting shares of residents, and the draft minutes of the 1st council meeting on 12 July 2016 … | Not in Breach | 2ce165e02e9bb75e1c3bd17b406722924d367851 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 216 | 216 | 1 | 952 | A warning was issued to Executive Coach International for failing to notify and obtain consent from an ex-employee for the disclosure of her personal data. | [
"Consent",
"Notification",
"Warning",
"Education"
] |
2017-03-21 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---executive-coach-international---210317.pdf | Consent, Notification | Breach of Consent and Notification Obligations by Executive Coach International | https://www.pdpc.gov.sg/all-commissions-decisions/2017/03/breach-of-consent-and-notification-obligations-by-executive-coach-international | 2017-03-21 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1504-A426 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 (the “PDPA”) And Executive Coach International Pte. Ltd. [UEN 200414184R] ... Organisation Decision Citation: [2017] SGPDPC 3 GROUNDS OF DECISION 21 March 2017 BACKGROUND 1. On 20 April 2015, the Complainant, complained to the Personal Data Protection Commission (the “Commission”) that the Organisation had disclosed her past personal history in a WhatsApp group chat comprising the Complainant and the Organisation’s other staff and volunteer trainees (“WhatsApp Group”) without her consent and without notifying her of the purposes for the disclosure. 2. On account of the complaint made, the Commission commenced an investigation under Section 50 of the Personal Data Protection Act 2012 (the “PDPA”) to ascertain whether the Organisation had breached its obligations under the PDPA. The material facts of the case are as follows. MATERIAL FACTS AND DOCUMENTS 3. The Organisation is an organisation which provides life and executive coaching services to individual and corporate clients. The Complainant is a former employee of the Organisation. She was the personal assistant to [Redacted] (Replaced with Mr L), a director of the Organisation. The Complainant has since left the employment of the Organisation on unamicable terms. 4. The WhatsApp Group, comprising of the Organisation’s employees and volunteers, was created on 22 August 2013. The Complainant and Mr L were - 1 - both participants in this WhatsApp Group. At the material time on 7 April 2015, there were a number of other participants in this WhatsApp Group.1 5. On 7 April 2015, Mr L disclosed highly sensitive information of the Complainant’s personal history, namely her past drug problem and issue with infidelity in her amorous relationship, (“Personal Data”) to the participants in the WhatsApp Group. The Organisation has not disputed that the personal history of the Complainant is p… | Warning | 4606cb34276907f06cf0c6913f89d949fec92bb7 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 220 | 220 | 1 | 952 | A warning was issued to Jump Rope (Singapore) for disclosing the personal data of two former employees without consent and notification. | [
"Consent",
"Notification",
"Warning",
"Arts, Entertainment and Recreation"
] |
2016-11-24 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---jump-rope---241116.pdf | Consent, Notification | Breach of Consent and Notification Obligations by Jump Rope (Singapore) | https://www.pdpc.gov.sg/all-commissions-decisions/2016/11/breach-of-consent-and-notification-obligations-by-jump-rope-(singapore) | 2016-11-24 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1411-A265 JUMP ROPE (SINGAPORE) (UEN No. T13SS0090E) … Respondent Decision Citation: [2016] SGPDPC 21 GROUNDS OF DECISION 24 November 2016 A. BACKGROUND 1. On 1 December 2014, the Personal Data Protection Commission (“Commission”) received a complaint against Jump Rope (Singapore) (the “Respondent”) from a complainant (the “Complainant”) alleging that his personal data had been disclosed in an email sent to various Singapore government schools. 2. The Commission commenced an investigation under Section 50 of the Personal Data Protection Act 2012 (“PDPA”) to ascertain whether there had been a breach by the Respondent of its obligations under the PDPA. B. MATERIAL FACTS AND DOCUMENTS 3. The Respondent is a non-profit society registered with the Registry of Societies that promotes and manages the sport of rope skipping, and provides training to students in Singapore schools. The Respondent was set up by the President of the Respondent, [redacted], who is also the owner and director of Emotion Learning Pte. Ltd. (“Emotion”) and Eltitude Pte. Ltd. (“Eltitude”). Emotion and Eltitude are companies in the business of providing enrichment and CCA education, and enrichment and sports coaching services to schools respectively. 4. Based on the Respondent’s response to the Commission during the investigation, the Commission understands that the Complainant was a former employee of Emotion and Eltitude, who held the designation of Part Time Instructor. The Complainant went through an in-house training program conducted by Emotion, and obtained a certificate in rope skipping coaching, which was issued by the Respondent. 1 5. The Respondent alleged that the Complainant had breached his contract of employment with his employers and had engaged in some unethical activities during the course of his employment. As a result, the Respondent blacklisted the Complainant and revoked his certification. 6. The President of the Respondent then decided to se… | Warning | fe526eedfbd39c4afe655dd5a1fe2bb66ec6b1a7 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;