pdpc_undertakings_version_detail (view)
2 rows where "timestamp" is on date 2021-06-10
_commit_at | _commit_hash | _id | _item | _version | _commit | id | organisation | url | timestamp | description | pdf-url | pdf-content | _item_full_hash | _changed_columns |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2023-09-30T05:17:27+00:00 | be5389b881a3b6b218fc727fb3f2bea2c23e9082 | 8 | 8 | 1 | 948 | 8 | Seafront Support Company Pte Ltd | https://www.pdpc.gov.sg/Undertakings/Undertaking-by-Seafront-Support-Company-Pte-Ltd | 2021-06-10 | Background The Personal Data Protection Commission (the “Commission”) received a data breach notification on 17 July 2020 from Seafront Support Company Pte. Ltd. (“Seafront Support”) informing that a ransomware attack had rendered data on its server inaccessible. The personal data of approximately 400 to 500 individuals was lost in the incident. The affected datasets comprised the affected individuals’ full name, last 3 digits and checksum of their NRIC number, passport number, last 3 digits and checksum of their FIN number, first 5 digits of their work permit number, address, date of birth, salaries and/or CPF payment details. It was established that Seafront Support had not implemented adequate security measures to protect the personal data in the server at the time of the incident. Seafront Support did not have a dedicated IT department to monitor and manage its IT system, including the server which had not been patched regularly. Seafront Support’s staff were also not well-informed of safe IT practices. Remedial Actions After the incident, as part of a remediation plan, Seafront Support: (a) engaged an external IT consultant to manage its IT system; (b) conducted an audit of Seafront Support’s entire IT system and made improvements to harden its IT system; (c) developed and implemented an IT security policy; (d) conducted meetings and sent periodic email reminders on safe IT practices to increase staff awareness on cybersecurity issues; and (e) instructed staff to back-up their files daily on separate cloud-based storage. 
Undertaking Having considered the circumstances of the case, including the remedial steps taken by Seafront Support to improve its personal data protection practices, the Commission accepted an undertaking from Seafront Support to improve its compliance with the Personal Data Protection Act 2012. The undertaking was executed on 15 December 2020 (the “Undertaking”). The Undertaking provided that Seafront Support was to complete the implementation of its remediation plan by upgrading it… | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Undertakings/Undertaking---Seafront.pdf | VOLUNTARY UNDERTAKING (“Undertaking”) TO THE PERSONAL DATA PROTECTION COMMISSION This Undertaking is given to the Info-communications Media Development Authority designated as the Personal Data Protection Commission under section 5(1) of the PDPA (hereinafter referred to as the “Commission”), by: Seafront Support Company Pte. Ltd. UEN: 201106511C Registered Address: 102E, Pasir Panjang Road, #02-08, Citilink Warehouse Complex, Singapore 118529 (hereinafter referred to as the “Organisation”). By signing this Undertaking, the above-named Organisation acknowledges the matters stated herein and undertakes to the Commission in the terms set out herein. 1. DEFINITIONS 1.1 In this Undertaking: (a) “Commission’s Letter” means the letter dated 25 November 2020 from the Commission to the Organisation, concerning its investigation under the PDPA, including the appendices thereto; (b) “Data Protection Provisions” means the provisions in Parts III to VI of the PDPA; and (c) “PDPA” means the Personal Data Protection Act 2012 (No. 26 of 2012). 2. ACKNOWLEDGEMENTS 2.1 The Organisation hereby acknowledges the following matters: (a) As referenced in the Commission’s Letter, the Commission has carried out investigations into certain acts and practices of the Organisation, which potentially infringe one or more of the Data Protection Provisions. 
(b) As a result of any non-compliance with the PDPA by an organisation, the Commission has a number of enforcement options under the PDPA, including the option to give a direction under section 29 of the PDPA. (c) The Commission recognises that the Organisation has made efforts to address the concerns raised in this case and to improve its personal data protection practices. In addition, the Organisation was cooperative in the course of the investigation and was responsive to requests for information. The Commission further recognises that the Organisation is already implementing the remediation plan set out in clause 3 below. (d) Having carefully considered … | 1dc240b00d7495692705e5eca54021fd2ccba1c2 | [ "organisation", "description", "id", "pdf-content", "url", "pdf-url", "timestamp" ] |
2023-09-30T05:17:27+00:00 | be5389b881a3b6b218fc727fb3f2bea2c23e9082 | 9 | 9 | 1 | 948 | 9 | Platinum Yoga Pte Ltd | https://www.pdpc.gov.sg/Undertakings/Undertaking-by-Platinum-Yoga-Pte-Ltd | 2021-06-10 | Background The Personal Data Protection Commission (the “Commission”) received a data breach notification on 29 October 2020 from Platinum Yoga Pte. Ltd. (“Platinum Yoga”), informing of a suspected alleged act of mischief by a terminated employee of Platinum Yoga, who gained unauthorised access to its Customer Relationship Management (“CRM”) system and Facebook account. The CRM system held the email addresses and photographs of Platinum Yoga’s members. Consequently, photographs of 25 individuals were disclosed in an unauthorised Facebook post, and the email addresses of 58 individuals were disclosed in an email impersonating Platinum Yoga. It was established that Platinum Yoga had 1) lacked access restriction to the accounts it had which included the CRM system and its Facebook account; 2) lacked dedicated personnel to ensure and enforce password changes to the CRM system and Facebook account periodically or whenever necessary, among its employees; and 3) not developed a data protection policy internally. Remedial Actions After the incident, as part of a remediation plan, Platinum Yoga: (a) Implemented access restrictions to the CRM system and other accounts, including access to the CRM system on a need-to-know basis, and 2 Factor Authentication to accounts possible; (b) Ensured that personal data can only be viewed or accessed from its property only; (c) Appointed dedicated team to monitor and ensure password change to the CRM system and other accounts periodically, and whenever necessary, among its employees; (d) Implemented periodic reminders to members on changing of passwords; (e) Implemented quarterly review of its internal data protection policy. 
Undertaking Having considered the circumstances of the case, including the remediation actions taken by Platinum Yoga to improve its personal data protection practices, the Commission accepted an undertaking from Platinum Yoga to improve its compliance with the Personal Data Protection Act 2012. The undertaking was executed on 20 January 2021 (the “Undertaking… | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Undertakings/Undertaking---Platinum-Yoga-Pte-Ltd.pdf | VOLUNTARY UNDERTAKING (“Undertaking”) TO THE PERSONAL DATA PROTECTION COMMISSION This Undertaking is given to the Info-communications Media Development Authority designated as the Personal Data Protection Commission under section 5(1) of the PDPA (hereinafter referred to as the “Commission”), by: Platinum Yoga Pte. Ltd. UEN: 201109593N Registered Address: 1 Marine Parade Central, #13-09 Parkway Centre, Singapore 449408 (hereinafter referred to as the “Organisation”). By signing this Undertaking, the above-named Organisation acknowledges the matters stated herein and undertakes to the Commission in the terms set out herein. 1. DEFINITIONS 1.1 In this Undertaking: (a) “Commission’s Letter” means the letter dated <14 January 2021> from the Commission to the Organisation, concerning its investigation under the PDPA, including the appendices thereto; (b) “Data Protection Provisions” means the provisions in Parts III to VI of the PDPA; and (c) “PDPA” means the Personal Data Protection Act 2012 (No. 26 of 2012). 2. ACKNOWLEDGEMENTS 2.1 The Organisation hereby acknowledges the following matters: (a) As referenced in the Commission’s Letter, the Commission has carried out investigations into certain acts and practices of the Organisation, which potentially infringe one or more of the Data Protection Provisions. 
(b) As a result of any non-compliance with the PDPA by an organisation, the Commission has a number of enforcement options under the PDPA, including the option to give a direction under section 29 of the PDPA. (c) The Commission recognises that the Organisation has made efforts to address the concerns raised in this case and to improve its personal data protection practices. In addition, the Organisation was cooperative in the course of the investigation and was responsive to requests for information. The Commission further recognises that the Organisation is already implementing the remediation plan set out in clause 3 below. (d) Having carefully considered all the relevant facts an… | f621902bbbc4d00ed896b448aa3a44e830575f21 | [ "organisation", "description", "id", "pdf-content", "url", "pdf-url", "timestamp" ] |
CREATE VIEW pdpc_undertakings_version_detail AS select commits.commit_at as _commit_at, commits.hash as _commit_hash, pdpc_undertakings_version.*, ( select json_group_array(name) from columns where id in ( select column from pdpc_undertakings_changed where item_version = pdpc_undertakings_version._id ) ) as _changed_columns from pdpc_undertakings_version join commits on commits.id = pdpc_undertakings_version._commit;