pdpc_decisions_version_detail (view)
2 rows where title = "Breach of Protection Obligation by Aviva"
_commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 196 | 196 | 1 | 952 | A financial penalty of $30,000 was imposed on Aviva for failing to make reasonable security arrangements to prevent the unauthorised disclosure of personal data of policyholders. This is a second case within a period of 12 months. | [ "Protection", "Financial Penalty", "Finance and Insurance" ] | 2018-04-19 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Aviva_190418.pdf | Protection | Breach of Protection Obligation by Aviva | https://www.pdpc.gov.sg/all-commissions-decisions/2018/04/breach-of-protection-obligation-by-aviva-apr | 2018-04-19 | PERSONAL DATA PROTECTION COMMISSION [2018] SGPDPC 4 Case No DP-1706-B0860 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Aviva Ltd … Organisation DECISION Aviva Ltd [2018] SGPDPC 4 Tan Kiat How, Commissioner— Case No DP-1706-B0860 19 April 2018 Background 1 The Organisation mistakenly sent out by post underwriting letters meant for 3 different clients (the “Impacted Clients”) to another client (the “Recipient Client”). The facts of this matter are uncomplicated and the application of the law is straightforward. Of note, however, is that this incident is disappointingly similar to a prior incident involving the Organisation (see Re Aviva Ltd [2017] SGPDPC 14 (“Re Aviva Ltd [2017]”)), for which the Organisation was found to be in breach of section 24 of the Personal Data Protection Act (“PDPA”) and fined $6,000. Material Facts 2 The Organisation is a multinational insurance company that offers various types of insurance plans to its policyholders. 3 On 8 June 2017, the Monetary Authority of Singapore (“MAS”) informed the Organisation that it had received a complaint on the unauthorised disclosure (the “Incident”) as set out at paragraph 1 above. The Organisation was unaware of the Incident prior to the notification from MAS. The Organisation in turn notified the Personal Data Protection Commission (“Commission”) on 15 June 2017. An investigation was carried out under section 50(1) of the PDPA in relation to a breach of section 24 of the PDPA. 4 The Incident occurred during the enveloping of underwriting letters issued through the Organisation’s underwriting department (the “Department”) to individual clients who signed up for group insurance policies. Staff in the Department print out underwriting letters to be issued to the Organisation’s clients. Each staff will then place the relevant underwriting letter into the case file of each individual client and place the file onto a tray for an administrative staff to pi… | Financial Penalty | 204ca1322f458c8e057ad28eecacb7f85f0256f8 | [ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ] |
2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 205 | 205 | 1 | 952 | A financial penalty of $6,000 was imposed on Aviva for failing to make reasonable security arrangements to prevent the unauthorised disclosure of the personal data of its insurance policyholder and his dependent. | [ "Protection", "Financial Penalty", "Finance and Insurance", "Insurance" ] | 2017-10-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---aviva-ltd---111017.pdf | Protection | Breach of Protection Obligation by Aviva | https://www.pdpc.gov.sg/all-commissions-decisions/2017/10/breach-of-protection-obligation-by-aviva-oct | 2017-10-11 | PERSONAL DATA PROTECTION COMMISSION [2017] SGPDPC 14 Case No DP-1611-B0323 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Aviva Ltd … Organisation DECISION Aviva Ltd [2017] SGPDPC 14 Tan Kiat How, Commissioner— Case No DP-1611-B0323 11 October 2017 Background 1 Can an organisation fulfil its obligation to protect personal data by relying solely on its employees to perform their duties diligently? That is ultimately the question which the Commissioner had to determine in this matter. 2 The complaint which arose in this matter was that Aviva Ltd (“the Organisation”) had disclosed personal data without authorisation because it had mistakenly mailed to one of its policyholders (the “First Policyholder”) insurance documents which were meant for another policyholder (the “Second Policyholder”). A family member of the First Policyholder lodged a complaint on 8 November 2016 and the office of the Commissioner proceeded to investigate the matter. The Commissioner’s findings and the grounds of decision are set out below. Material Facts 3 The Organisation is a multinational insurance company that offers various types of insurance plans to its policyholders. 4 On 1 November 2016, the Organisation was alerted to the data breach (the “Incident”) by a complaint from a family member of the First Policyholder. It undertook an internal investigation into the source of the data breach, which was traced to its Processing Department. By way of background, the Organisation’s Processing Department is in charge of, amongst other things, preparing follow-up letters that need to be sent to the Organisation’s policyholders. This is done whenever the Organisation requires further administrative details or personal particulars from the policyholders as part of administering its insurance policies. In the event that there are any additional documents to be sent to a specific policyholder, e.g. application forms or product summaries, staff (the “pr… | Financial Penalty | 763a48aeeacc9025b8b27c65af5ef93cc67260fc | [ "pdf-content", "timestamp", "decision", "pdf-url", "tags", "nature", "url", "title", "date", "description" ] |
CREATE VIEW pdpc_decisions_version_detail AS
select
  commits.commit_at as _commit_at,
  commits.hash as _commit_hash,
  pdpc_decisions_version.*,
  (
    select json_group_array(name)
    from columns
    where id in (
      select column
      from pdpc_decisions_changed
      where item_version = pdpc_decisions_version._id
    )
  ) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;