pdpc_decisions_version_detail (view)
1 row where tags contains "Financial Penalty" and title = "Breach of Protection Obligation by GrabCar"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 156 | 156 | 1 | 952 | A financial penalty of $16,000 was imposed on GrabCar for failing to put in place reasonable security arrangements to protect the personal data of its customers from unauthorised disclosure. Personal data of a customer was disclosed to one other customer via an email sent out by GrabCar. | [
"Protection",
"Financial Penalty",
"Transport and Storage",
"PHV",
"Private Hire Vehicle"
] |
2019-06-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--Grabcar-Pte-Ltd-Emails--110619.pdf | Protection | Breach of Protection Obligation by GrabCar | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-protection-obligation-by-grabcar-financial-penalty | 2019-06-11 | GrabCar Pte. Ltd [2019] SGPDPC 15 COMMISSIONER FOR PERSONAL DATA PROTECTION [2019] SGPDPC 15 Case No DP-1801-B1526 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) GrabCar Pte. Ltd. (UEN No. 201427085E) … Organisation DECISION 1 GrabCar Pte. Ltd [2019] SGPDPC 15 GrabCar Pte. Ltd. Tan Kiat How, Commissioner — Case No DP-1801-B1526 11 June 2019 1 This case concerns the unauthorised disclosure of the names and mobile phone numbers of 120,747 GrabCar Pte. Ltd. (the “Organisation”) customers in marketing emails sent out by the Organisation (the “Incident”). On 5 January 2018, GrabTaxi Holdings Pte. Ltd., a related corporation of the Organisation, 1 notified the Personal Data Protection Commission of the Incident on behalf of the Organisation. The Commissioner’s findings and grounds of decision based on the investigations carried out in this matter are set out below. Material Facts 2 The Organisation is part of the Grab Group, which offers, among other things, ride- hailing transport services, food delivery and payment services on its mobile platform. As part of its marketing strategy, the Organisation regularly conducts marketing campaigns to reach out to targeted customers. These frequently involves sending emails offering special promotions to selected customers. 3 On 17 December 2017, the Organisation sent out 399,751 marketing emails to a targeted group of customers as part of a marketing campaign (“Marketing Campaign”). Out of the emails sent on that date, 120,747 emails contained the name and mobile phone number2 of another customer, i.e. the email was sent to User A’s (the intended recipient) email address but User B’s (the mismatched customer) name and mobile phone number was reflected in the email as that of the intended recipient (the “Mismatched Emails”). 4 Shortly after the Mismatched Emails were sent out, the Organisation’s Customer Experience team reported an increased number of customer queries regarding the unauthorised disclosu… | Financial Penalty | 7e78075cc7309a399647c800c3e751c80479ea85 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;