pdpc_decisions_version_detail (view)
2 rows where title = "Breach of Protection Obligation by Toh-Shi Printing Singapore"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 227 | 227 | 1 | 952 | A financial penalty of $25,000 was imposed on Toh-Shi Printing Singapore for failing to implement proper and adequate procedural checks while processing personal data for Aviva, resulting in an unauthorised disclosure of personal data of more than 8,000 individuals. | [
"Protection",
"Financial Penalty",
"Admin and Support Services",
"TOH-SHI",
"AVIVA"
] |
2016-09-21 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision-aviva-ltd-and-toh-shi-printing-singapore-(210916).pdf | Protection | Breach of Protection Obligation by Toh-Shi Printing Singapore | https://www.pdpc.gov.sg/all-commissions-decisions/2016/09/breach-of-protection-obligation-by-toh-shi-printing-singapore-sep | 2016-09-21 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1603-A661 AVIVA LTD (UEN No. 196900499K) … 1st Respondent TOH-SHI PRINTING SINGAPORE PTE LTD (UEN No. 198704013N) … 2nd Respondent Decision Citation: [2016] SGPDPC 15 GROUNDS OF DECISION 21 September 2016 A. BACKGROUND 1. On 9 March 2016, Aviva Ltd (“Aviva”) reported to the Personal Data Protection Commission (“Commission”) an incident involving the disclosure of the personal data belonging to 7,794 Aviva policyholders under the Aviva Public Officers Group Insurance Scheme (“POGIS”). It was reported that erroneous annual premium statements for the year 2015 had been sent out to the POGIS policyholders. The Monetary Authority of Singapore was also notified of this incident by Aviva on 10 March 2016. 2. On 10 June 2016, Aviva informed the Commission that while 7,794 POGIS policyholders received erroneous annual premium statements for the year 2015, the personal data of a total of 8,022 individuals, including the POGIS policyholders’ dependants, were disclosed in the data breach incident. 3. Following the reporting of the incident, the Commission undertook an investigation into the matter. The Commission has determined that the two respondents in this matter are Aviva and Toh-Shi Printing Singapore Pte Ltd (“Toh-Shi”). The Commission’s decision on the matter and grounds of decision are set out below. B. MATERIAL FACTS AND DOCUMENTS 4. Aviva is an insurance company and the appointed insurer for the POGIS. Toh-Shi provides mail out services of all the correspondence for Aviva and data printing services for ad-hoc projects. The mail out and data printing services provided by Toh-Shi to Aviva are governed by a Service Agreement dated 20 December 2012 as amended by a letter from Aviva to Toh-Shi dated 24 April 2014 and an Addendum to the Service Page 1 of 9 Agreement dated 12 January 2016 (the “Addendum” and collectively, the “Toh-Shi Service Agreement”). 5. The Toh-Shi Service Agreement provides that, among other things, TohShi shall (i) … | Financial Penalty | d36cb8018483dcca5a7cc775d963b760ab9c500d | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 230 | 230 | 1 | 952 | A financial penalty of $5,000 was imposed on Toh-Shi Printing Singapore for failing to implement proper and adequate verification while processing personal data on behalf of the CDP, resulting in unauthorised disclosure of 195 individuals’ sensitive personal data. | [
"Protection",
"Financial Penalty",
"Not in Breach",
"Admin and Support Services",
"TOH-SHI",
"CDP"
] |
2016-07-21 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/grounds-of-decision---toh-shi-(210716).pdf | Protection | Breach of Protection Obligation by Toh-Shi Printing Singapore | https://www.pdpc.gov.sg/all-commissions-decisions/2016/07/breach-of-protection-obligation-by-toh-shi-printing-singapore-jul | 2016-07-21 | DECISION OF THE PERSONAL DATA PROTECTION COMMISSION Case Number: DP-1506-A456 CENTRAL DEPOSITORY (PTE) LIMITED (UEN. 198003912M) ... 1st Respondent TOH-SHI PRINTING SINGAPORE PTE LTD (UEN. 198704013N) ... 2nd Respondent Decision Citation: [2016] SGPDPC 11 GROUNDS OF DECISION 21 July 2016 A. BACKGROUND 1. On 11 June 2015, the Central Depository Pte Limited (“CDP”), reported to the Personal Data Protection Commission (“Commission”) of an incident of a data breach involving its customers’ personal data. It was reported that six CDP account holders had received CDP account (“CDP account”) statements for the month of May 2015 containing account information of other account holders. On the same day, Singapore Exchange Limited (“SGX”) issued a news release to inform and apologise for the incident. 2. Following the reporting of the incident, the Commission undertook an investigation into the matter. The Commission had determined that the two respondents in the matter were CDP and Toh-Shi Printing Singapore Pte Ltd (“Toh-Shi”) respectively. The Commission’s decision on the matter and grounds of decision are set out below. B. MATERIAL FACTS AND DOCUMENTS 3. CDP is a wholly-owned subsidiary of SGX, and provides clearing, settlement and depository facilities in the Singapore securities market. Toh-Shi is the external vendor of CDP in charge of printing the CDP account statements for CDP. 4. The printing services provided by Toh-Shi are governed by a contract between parties dated 1 March 2013 (the Document Management Service Agreement (“DMSA”)). The DMSA required, amongst other things, for Toh-Shi to protect the confidentiality of the CDP account holders’ personal data and to put in place the necessary measures to protect the data. 5. Following the discovery of the data breach and Toh-Shi alerting the Commission of the breach, on 15 June 2015, CDP reissued the corrected CDP statements for the month of May 2015 with an apology letter to the 195 affected account holders. On 17 June 2015, SGX started to contact … | Financial Penalty, Not in Breach | 915d1174037745f235dd3c1279be62593b3bc91d | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;