data: pdpc_decisions_version_detail: 3 rows where nature = "Protection, Protection"

3 rows where nature = "Protection, Protection"

descending

_commit_at	_commit_hash	_id	_item	_version	_commit	description	tags	date	pdf-url	nature	title	url	timestamp	pdf-content	decision	_item_full_hash	_changed_columns
2023-10-01T11:02:10+08:00	fbd32491db44d3d0c97aa12a99cefd61ec954264	137	137	1	952	Financial penalties of $4,000 and $7,000 were imposed on Zero1 and XDel respectively for failing to put in place reasonable measures to protect the personal data of the subscribers of Zero1.	[ "Protection", "Protection", "Financial Penalty", "Financial Penalty", "Information and Communications", "Information and Communications", "Mobile", "Telco", "Courier" ]	2019-10-10	https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Zero1-and-XDel.pdf	Protection, Protection	Breach of the Protection Obligation by Zero1 and XDel	https://www.pdpc.gov.sg/all-commissions-decisions/2019/10/breach-of-the-protection-obligation-by-zero1-and-xdel	2019-10-10	PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 37 Case No DP-1803-B1866 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Zero1 Pte. Ltd. XDEL Singapore Pte. Ltd. … Organisations DECISION Zero1 Pte. Ltd. XDEL Singapore Pte Ltd [2019] SGPDPC 37 Tan Kiat How, Commissioner — Case No DP-1803-B1866 16 September 2019. Background 1 Zero1 Pte. Ltd. (“Zero1”) is a Mobile Virtual Network Operator founded in 2017. In order to deliver its SIM cards to its customers, Zero1 contracted XDEL Singapore Pte Ltd (“XDEL”) for courier services. In the course of delivering the SIM cards, XDEL inadvertently disclosed the personal data of Zero1’s customers. Central to this case is the question of whether XDEL and Zero1 (collectively referred to as the “Organisations”) had made reasonable security arrangements to protect the personal data of Zero1’s customers pursuant to their obligations under the Personal Data Protection Act 2012 (“PDPA”). Material Facts 2 In March 2018, XDEL was appointed by Zero1 to deliver SIM cards to the latter’s subscribers. Zero1’s subscribers would register for mobile services using Zero1’s website. After their application had been processed, Zero1 would provide to XDEL the subscriber’s information (including the subscriber’s name, NRIC number, delivery address and contact number), the SIM card number and the subscriber’s preferred time of delivery. In the event that the customer had authorised another person to receive the SIM card on his or her behalf (an Zero1 Pte. Ltd. and XDEL Singapore Pte. Ltd. [2019] SGPDPC 37 “authorised recipient”), the authorised recipient’s information (name, NRIC number, contact number and delivery address) would additionally be provided to XDEL. 3 Each Zero1 subscriber was provided with a unique URL link which would allow them to access a customised delivery notification webpage through which they could monitor the status of their SIM card delivery (the “notification webpage”). It was through the notification webpa…	Financial Penalty, Financial Penalty	f6fb3aeaa2483b2aa1c8060f6e827d7401bf887c	[ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ]
2023-10-01T11:02:10+08:00	fbd32491db44d3d0c97aa12a99cefd61ec954264	147	147	1	952	A financial penalty of $24,000 and $12,000 was imposed on CDP and Toppan Security Printing respectively for failing to put in place reasonable security arrangements to protect the data of CDP’s account holders from unauthorised disclosure. The incident resulted in other account holders’ data being printed on another account holder’s notification letter. An application for reconsideration was made by Toppan Security Printing. Upon reconsideration, directions in the decision were varied.	[ "Protection", "Protection", "Financial Penalty", "Financial Penalty", "Transport and Storage", "Admin and Support Services" ]	2019-08-02	https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Updated-as-of-15-Nov-2019-Decision---CDP-and-Toppan---220719.pdf	Protection, Protection	Breach of the Protection Obligation by CDP and Toppan Security Printing	https://www.pdpc.gov.sg/all-commissions-decisions/2019/08/breach-of-the-protection-obligation-by-cdp-and-toppan-security-printing	2019-08-02	PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 24 Case No DP-1706-B0895 and DP-1707-B0908 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And 1. The Central Depository (Pte) Limited 2. Toppan Security Printing Pte Ltd …Organisation(s) DECISION Editorial note: An application for reconsideration was filed against the decision in Re Central Depository (Pte) Limited & Anor [2019] SGPDPC 24. Pursuant to this application, the Commissioner has decided to reduce the financial penalty imposed on the Organisation from $18,000 to $12,000. As the application did not give rise to significant legal or factual issues, a separate decision on the application will not be published. Re The Central Depository (Pte) Limited & Anor. [2019] SGPDPC 24 Tan Kiat How, Commissioner – Case No DP-1706-B0895 – Case No DP-1707B0908 22 July 2019 1. Organisations may employ vendors to carry out the printing and mailing of documents containing the personal data of their customers on their behalf. The process may involve both the organisations and vendors, which requires a concerted effort to protect personal data. This case presents the issue of division of responsibility in protecting personal data under the PDPA in such circumstances. Background and Material Facts 2. This case concerns the unauthorised disclosure of personal data of 1,358 account holders of the Central Depository (Pte) Limited (“CDP”) when their personal data was wrongly printed in the notification letters of other account holders and sent out. The incident occurred on or about 27 June 2017. 3. The exposed data included the name and/or CDP securities account number (“exposed primary identifiers”) which constitute personal data of the individual. In some notification letters, additional information on the securities owned by the Re Central Depository (Pte) Limited & Anor [2019] SGPDPC 24 individual (eg name of security and total amount of dividends or distribution for the security) was also disclosed. These, w…	Financial Penalty, Financial Penalty	850caf449162034d53605762c40ce355aee93042	[ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ]
2023-10-01T11:02:10+08:00	fbd32491db44d3d0c97aa12a99cefd61ec954264	168	168	1	952	A financial penalty of $250,000 and $750,000 was imposed on SingHealth and IHiS respectively for the failure to make reasonable security arrangements to protect personal data of individuals.	[ "Protection", "Protection", "Financial Penalty", "Financial Penalty", "Healthcare", "Healthcare", "Patient", "Prescription" ]	2019-01-15	https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---SingHealth-IHiS---150119.pdf	Protection, Protection	Breach of the Protection Obligation by SingHealth and IHiS	https://www.pdpc.gov.sg/all-commissions-decisions/2019/01/breach-of-the-protection-obligation-by-singhealth-and-ihis	2019-01-15	COMMISSIONER FOR PERSONAL DATA PROTECTION [2019] SGPDPC 3 Case No DP-1807-B2435 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) Singapore Health Services Pte. Ltd. (UEN No. 200002698Z) (2) Integrated Health Information Systems Pte. Ltd. (UEN No. 200814464H) … Organisations DECISION Singapore Health Services Pte. Ltd. & Ors. [2019] SGPDPC 3 Tan Kiat How, Commissioner — Case No DP-1807-B2435 14 January 2019 1 This case concerns the worst breach of personal data in Singapore’s history. In an unprecedented cyber attack on the Singapore Health Services Pte Ltd’s (“SingHealth”) patient database system, the personal data of some 1.5 million patients and the outpatient prescription records of nearly 160,000 patients were exfiltrated in a cyber attack (the “Data Breach”). 2 Following the announcement on 20 July 2018 by the Ministry of Communications and Information and the Ministry of Health (“MOH”), a four-member Committee of Inquiry (“COI”) was convened by the Minister for Communications and Information to look into the cyber attack, find out what went wrong and recommend ways to better safeguard critical systems. The COI concluded its hearings and submitted its report on 31 December 2018 to the Minister-in-charge of Cyber Security. The public report of the COI’s findings was released on 10 January 2019 (“Public COI Report”). 3 Soon after the announcement of the Data Breach, the Personal Data Protection Commission (the “Commission”) received several complaints from members of the public regarding the Data Breach. The Commission commenced its investigations thereafter (“Investigation”). The organisations involved were SingHealth and Integrated Health Information Systems Pte Ltd (“IHiS”). 4 SingHealth and IHiS (collectively, the “Organisations”) agreed to cooperate with the Commission to expedite the Investigation and determination of liability and for the Commission to issue such directions that it deems fit on the basis of the Organisations’ represent…	Financial Penalty, Financial Penalty	529077b825a4378024230d1f85b9a927e210cc55	[ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ]

Advanced export

JSON shape: default, array, newline-delimited

CREATE VIEW pdpc_decisions_version_detail AS select
  commits.commit_at as _commit_at,
  commits.hash as _commit_hash,
  pdpc_decisions_version.*,
  (
    select json_group_array(name) from columns
    where id in (
      select column from pdpc_decisions_changed
      where item_version = pdpc_decisions_version._id
    )
) as _changed_columns
from pdpc_decisions_version
  join commits on commits.id = pdpc_decisions_version._commit;

pdpc_decisions_version_detail (view)

3 rows where nature = "Protection, Protection"

Advanced export