pdpc_decisions_version_detail (view)
1 row where nature = "Protection, Accountability, Transfer Limitation"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 149 | 149 | 1 | 952 | Directions, including a financial penalty of $20,000, were issued to Spize Concepts for breaches of the PDPA. Amongst the breaches, the organisation failed to appoint a data protection officer and did not make reasonable security arrangements to prevent the unauthorised disclosure of customers’ personal data. | [
"Protection",
"Accountability",
"Transfer Limitation",
"Financial Penalty",
"Accommodation and F&B"
] |
2019-07-04 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Spize-Concepts-Pte-Ltd---040719.pdf | Protection, Accountability, Transfer Limitation | Breach of the Protection, Openness and Transfer Limitation Obligations by Spize Concepts | https://www.pdpc.gov.sg/all-commissions-decisions/2019/07/breach-of-the-protection--openness-and-transfer-limitation-obligations-by-spize-concepts | 2019-07-04 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 22 Case No DP-1708-B1027 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Spize Concepts Pte Ltd …Organisation DECISION Spize Concepts Pte Ltd [2019] SGPDPC 22 Tan Kiat How, Commissioner – Case No DP-1708-B1027 4 July 2019 Background 1. This complaint concerns an incident involving the personal data of customers of Spize Concepts Pte Ltd (“Spize”). Spize operates a chain of food & beverage outlets in Singapore. Part of its offering involves allowing customers to place orders through its online portal, https://orders.spize.sg (“Site”). The orders placed online will then be delivered to the customer at the stipulated address. Material facts 2. On 12 August 2017, the Personal Data Protection Commission (“PDPC”) received a complaint from a member of the public regarding the Site. A link on the Site named “Call Center” (“Link”) had allowed members of the public to view 3 tabs: “Customer Ordering”, “Restaurants” and “Order Dashboard”. Under the “Order Dashboard” tab, approximately 148 customers’ personal data – specifically their names, contact numbers, email addresses and residential addresses (“personal data sets”) – were disclosed (“Incident”). The Incident was caused by a user logging onto the Managing Director’s administrator account to enable the Link to be publicly accessible on or around 9 February 2017. The Link was intended only for internal use and not accessible to the public. Re Spize Concepts Pte Ltd 3. [2019] SGPDPC 22 Spize engaged Novadine, Inc. (“Novadine”) to develop and host their Site and online ordering system in or around 2012. Personal data sets collected through the online ordering system were stored in databases within Novadine’s servers. Upon receiving news of the Incident on 14 August 2017, Spize requested Novadine to rectify the weakness in the Site. Novadine subsequently disabled the Link. The Link has not been publicly accessible since 16 August 2017. Findings and Basis … | Financial Penalty | d2a83fa4e562a8fb8618db0b9b1298c7bbad707f | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;