pdpc_undertakings_version_detail (view)
1 row where "timestamp" is on date 2021-08-12
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), timestamp (date), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | id | organisation | url | timestamp | description | pdf-url | pdf-content | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-09-30T05:17:27+00:00 | be5389b881a3b6b218fc727fb3f2bea2c23e9082 | 12 | 12 | 1 | 948 | 12 | Equity Solution Pte Ltd | https://www.pdpc.gov.sg/Undertakings/Undertaking-by-Equity-Solution-Pte-Ltd | 2021-08-12 | Background The Personal Data Protection Commission (the “Commission”) received a data breach notification on 23 February 2021 from Equity Solution Pte Ltd (“ESPL”), informing that ESPL had been subject to a phishing attack after a staff member opened an email containing an excel file with a macro-enabled malware. The personal data of approximately 1,359 individuals was affected. The affected datasets comprised the affected individuals’ names, addresses, dates of birth, NRIC numbers, passport numbers and financial information. It was established that (a) ESPL had insufficient training for its staff on basic cybersecurity and data protection measures, (b) there was a lack of IT security policy for and no security risk management of its information and communications technology (“ICT”) operations. Remedial Actions After the incident, as part of a remediation plan, ESPL promptly implemented the following measures: (a) Secured files and documents using password protection; (b) Hardened its operating system; (c) Implemented a strong password protection policy; (d) Reviewed and updated its email usage policy; (e) Implemented training and awareness programmes for its employees; and (f) Reviewed and updated its personal data protection policy.Undertaking Undertaking The Commission recognises that ESPL has made efforts to address the concerns raised in this case and to improve its personal data protection practices. Having considered the circumstances of the case, the Commission accepted an undertaking from ESPL to improve its compliance with the Personal Data Protection Act 2012. The undertaking was executed on 8 June 2021 (the “Undertaking”). The Undertaking provided that ESPL was to complete implementation of its remediation plan by subscribing to an email service provider with greater privacy and security features, and enhancing its data security processes. ESPL has since updated the Commission that implementation of its remediation plan has been completed. The Commission has reviewed the matter and determined … | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Undertakings/Undertaking---Equity-Solution-Pte-Ltd.pdf | WRITTEN VOLUNTARY UNDERTAKING (“Undertaking”) TO THE PERSONAL DATA PROTECTION COMMISSION This Undertaking is given to the Personal Data Protection Commission or its delegates pursuant to section 48L(1) of the PDPA, by: Equity Solution Pte Ltd UEN: 201601961Z Registered Address: 16 Kallang Pl #07-03 Singapore (339156) (hereinafter referred to as the “Organisation”). By signing this Undertaking, the above-named Organisation acknowledges the matters stated herein and undertakes to the Commission in the terms set out herein. 1. DEFINITIONS 1.1 In this Undertaking: (a) “PDPA” means the Personal Data Protection Act 2012 (No. 26 of 2012); and (b) “Relevant Provisions” means the provisions in Parts 3, 4, 5, 6, 6A, 6B and 9, and section 48B(1) of the PDPA. 2. ACKNOWLEDGEMENTS 2.1 The Organisation hereby acknowledges the following matters: (a) The Commission has carried out investigations into certain acts and practices of the Organisation, and has reason to believe that the Organisation has not complied, is not complying, or is likely not to comply with one or more of the Relevant Provisions. The relevant facts and circumstances are summarised at Schedule A. (b) As a result of any non-compliance with the PDPA by an organisation, the Commission has a number of enforcement options under the PDPA, including the option to issue directions under sections 48I or 48J of the PDPA. (c) The Commission recognises that the Organisation has made efforts to address the concerns raised in this case and to improve its personal data protection practices. In addition, the Organisation was cooperative in the course of the investigation and was responsive to requests for information. The Commission further recognises that the Organisation appears ready to implement or is in the midst of implementing the steps set out in Schedule B. (d) Having carefully considered all the relevant facts and circumstances, the Commission takes the view that this is an appropriate case in which an Undertaking may be accepted. 2.2 The Organis… | ecf4078a48c0570dee92963bf197d86e63581724 | [
"organisation",
"description",
"id",
"pdf-content",
"url",
"pdf-url",
"timestamp"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_undertakings_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_undertakings_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_undertakings_changed
where item_version = pdpc_undertakings_version._id
)
) as _changed_columns
from pdpc_undertakings_version
join commits on commits.id = pdpc_undertakings_version._commit;