pdpc_decisions_version_detail (view)

2 rows where "timestamp" is on date 2023-11-10

View and edit SQL

This data as json, CSV (advanced)

Suggested facets: _commit_at (date), timestamp (date), tags (array), _changed_columns (array)

_commit_at _commit_hash _id _item _version _commit description tags date pdf-url nature title url timestamp pdf-content decision _item_full_hash _changed_columns
2023-11-12T17:45:22+08:00 e73bd1da8813cb4506688ee114b4ae1198ccbe07 265 241 1 955 A financial penalty of $10,000 was imposed on Ascentis for failing to put in place reasonable security arrangements to protect individuals' personal data in its possession or under its control. 
[
    "Protection",
    "Financial Penalty",
    "Admin and Support Services"
]
 10 Nov 2023 https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/GD_Ascentis_12092023.pdf Protection Breach of the Protection Obligation by Ascentis https://www.pdpc.gov.sg/all-commissions-decisions/2023/10/breach-of-the-protection-obligation-by-ascentis 2023-11-10 PERSONAL DATA PROTECTION COMMISSION [2023] SGPDPC 10 Case No. DP-2209-C0193 / DP-2209-C0217 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Ascentis Pte. Ltd. … Organisation DECISION 1 Ascentis Pte. Ltd. Wong Huiwen Denise, Deputy Commissioner - Case No. DP-2209-C0193 / DP2209-C0217 12 September 2023 Introduction 1 On 13 September 2022, the Personal Data Protection Commission (the “Commission”) was notified by the Singapore Computer Emergency Response Team that the personal data of 332,774 individuals had been exfiltrated from an eCommerce platform (the “Platform”) owned by Starbucks Coffee Singapore Pte Ltd (“Starbucks SG”) and offered for sale online (the “Incident”). 2 The Commission commenced investigations to determine whether the circumstances of the Incident disclosed any contraventions of the Personal Data Protection Act 2012 (“PDPA”). For the reasons set out below, the Commission determined that the developer of the Platform, Ascentis Pte Ltd (“the Organisation”) had contravened section 24 of the PDPA (“the Protection Obligation”) in the context of the Incident. 3 The Organisation requested and agreed for the investigation to be handled under the Commission’s Expedited Breach Decision Procedure, and voluntarily provided and admitted to the facts set out below. The Organisation also admitted that 2 it had failed to implement reasonable security arrangements to protect the personal data exfiltrated during the Incident, in breach of the Protection Obligation. 4 The Commission also accepted a voluntary undertaking from Starbucks SG pursuant to section 48L(1)(a) of the PDPA for Starbucks SG to implement enhanced security arrangements to improve its compliance with the PDPA1. No further enforcement action was taken against Starbucks SG. Facts of the Case The CRM System and CRM Database 5 The Organisation is in the business of developing, providing and integrating software solutions for Customer Relationship Management and eCommerce. … Financial Penalty 441daf2d082c67ef00a31a74d3bbd15b659147a5 
[
    "pdf-content",
    "timestamp",
    "decision",
    "pdf-url",
    "tags",
    "nature",
    "url",
    "title",
    "date",
    "description"
]
2023-11-12T17:45:22+08:00 e73bd1da8813cb4506688ee114b4ae1198ccbe07 266 242 1 955 A financial penalty of $82,000 was imposed on Tokyo Century Leasing for failing to put in place reasonable security arrangements to protect individuals' personal data in its possession or under its control. 
[
    "Protection",
    "Financial Penalty",
    "Finance and Insurance",
    "Vulnerability"
]
 10 Nov 2023 https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/GD_Tokyo_Century_Leasing_040923.pdf Protection Breach of the Protection Obligation by Tokyo Century Leasing https://www.pdpc.gov.sg/all-commissions-decisions/2023/10/breach-of-the-protection-obligation-by-tokyo-century-leasing 2023-11-10 PERSONAL DATA PROTECTION COMMISSION [2023] SGPDPC 9 Case No. DP-2206-B9897 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Tokyo Century Leasing (Singapore) Pte. Ltd. … Organisation DECISION Page 1 of 14 Tokyo Century Leasing (Singapore) Pte. Ltd. Lew Chuen Hong, Commissioner - Case No. DP-2206-B9897 4 September 2023 Introduction 1 On 14 June 2022, the Personal Data Protection Commission (the “Commission”) was notified by Tokyo Century Leasing (Singapore) Pte. Ltd. (the “Organisation”) of a ransomware attack which resulted in the encryption of the personal data of 141,412 individuals (“Incident”). 2 The Organisation requested that the investigation be handled under the Commission’s Expedited Breach Decision Procedure. The Organisation voluntarily provided and admitted to the facts set out below, and admitted that it had failed to implement reasonable security arrangements to protect the personal data accessed and encrypted during the Incident, in breach of section 24 of the Personal Data Protection Act 2012 (“PDPA”). Facts of the Case 3 The Organisation is in the leasing and hire-purchase business. It operates a website through which existing or potential customers may submit applications to enter into hire-purchase or leasing agreements. Page 2 of 14 4 On 12 June 2022, the Organisation was notified by a customer that he was unable to submit an online application. The Organisation conducted an internal investigation and discovered that 7 servers and 6 employee computers had been infected with ransomware, resulting in the encryption of the personal data of 141,412 individuals, comprising: a) 111,156 customers whose personal data consisted of name, NRIC number, date of birth, address, contact number, income statement, email address, employer information, bank account, and additionally for foreign customers, their passport numbers and employment pass numbers; b) 30,220 guarantors whose personal data consisted of name, NRIC number, da… Financial Penalty 41811af89a1fdebb1b8589e37ec87b3ff0bdc6f9 
[
    "pdf-content",
    "timestamp",
    "decision",
    "pdf-url",
    "tags",
    "nature",
    "url",
    "title",
    "date",
    "description"
]

Advanced export

JSON shape: default, array, newline-delimited

CSV options: 

CREATE VIEW pdpc_decisions_version_detail AS select
  commits.commit_at as _commit_at,
  commits.hash as _commit_hash,
  pdpc_decisions_version.*,
  (
    select json_group_array(name) from columns
    where id in (
      select column from pdpc_decisions_changed
      where item_version = pdpc_decisions_version._id
    )
) as _changed_columns
from pdpc_decisions_version
  join commits on commits.id = pdpc_decisions_version._commit;