The Ninja Senseiโ€™s Logbook: PDPC Decisions & Undertakings in April 2022

Having a Data Protection Officer (DPO) is not only compliance to the PDPA laws, it is also a value-added feature for your business cyber hygiene.

PDPC has published this monthโ€™s decisions and undertakings on their official website.

Two organisations were ordered to pay a financial penalty, one was handed directions, and another one had released an undertaking which the Commission received.

๐†๐ž๐ง๐ข๐ฎ๐ฌ๐” ๐š๐ง๐ ๐“๐ซ๐ข๐ง๐ข๐ญ๐ฒ ๐‚๐ก๐ซ๐ข๐ฌ๐ญ๐ข๐š๐ง ๐‚๐ž๐ง๐ญ๐ซ๐ž ๐ญ๐จ ๐ฉ๐š๐ฒ ๐ฐ๐ก๐จ๐ฉ๐ฉ๐ข๐ง๐  ๐Ÿ๐ข๐ง๐ž๐ฌ
GeniusUโ€™s database was infiltrated due to a compromised developer password. This affected the personal data of approximately 1.26 million users. For failing to protect the personal data under its control, GeniusU was ordered to pay a whopping S$35,000.

Trinity Christian Centre, on the other hand, was ordered to pay S$20,000 for also failing to protect the personal data under its control. Its database servers were infected with ransomware, which affected the personal data of 72,285 individuals housed on those servers.

๐ƒ๐ข๐ซ๐ž๐œ๐ญ๐ข๐จ๐ง๐ฌ ๐Ÿ๐จ๐ซ ๐€๐‚๐‹ ๐‚๐จ๐ง๐ฌ๐ญ๐ซ๐ฎ๐œ๐ญ๐ข๐จ๐ง, ๐”๐ง๐๐ž๐ซ๐ญ๐š๐ค๐ข๐ง๐  ๐›๐ฒ ๐‰๐š๐๐ž-๐„ ๐’๐ž๐ซ๐ฏ๐ข๐œ๐ž๐ฌ
ACL Construction suffered a data breach, but the breached data only constitutes โ€œbusiness contact informationโ€ and not personal data.

This would have been enough for the matter to be closed, but the PDPC found out that the organisation failed to appoint a Data Protection Officer (DPO). The organisation was only handed directions given the nature of its business.

Jade-E Services incorrectly sent email marketing to addresses belonging to those who had already withdrawn their consent to receive such marketing emails. In the aftermath of the incident, the company submitted an undertaking which the Commission accepted.

๐–๐ก๐š๐ญ ๐œ๐š๐ง ๐ฐ๐ž ๐ฅ๐ž๐š๐ซ๐ง ๐Ÿ๐ซ๐จ๐ฆ ๐ญ๐ก๐ž๐ฌ๐ž ๐œ๐š๐ฌ๐ž๐ฌ?

๐Ÿ‘‰ Keep your passwords strong and unique across all accounts.
๐Ÿ‘‰ Regularly scan your system for vulnerabilities.
๐Ÿ‘‰ Appoint a Data Protection Officer (DPO) โ€” mandatory for ALL organisations in Singapore.
๐Ÿ‘‰ Cooperate with your DPO to develop a culture of cyber wellness.
๐Ÿ‘‰ Make good cyber hygiene a must for your employees, especially those who handle personal data in your possession.

P.S. For any further questions or if you need help with your cybersecurity and data protection compliance journey, donโ€™t hesitate to reach out to us. We are always a text/call or email away!

๐Ÿ“ฑ WhatsApp: +65 8750 4250
๐Ÿ“ง Email: ninjas@privacy.com.sg

This post first appeared on Andyโ€™s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website

--

--

--

Privacy Ninja is Singaporeโ€™s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Why You Should Care About Social Engineering

{UPDATE} McDonaldโ€™s Happy Meal App MEA Hack Free Resources Generator

Hack This Site: Realistic Web Missionโ€Šโ€”โ€ŠLevel 10

Hack This Site: Realistic Web Missionโ€Šโ€”โ€ŠLevel 10

ADA Token Listing Proposal Passed

The Future of Digital Security

{UPDATE} Cat Condo 2 Hack Free Resources Generator

HappyBotsโ€Šโ€”โ€ŠConnect 3Commas to the HappyBots Platform

Announcement: The Cosmic Blind Box Flash Sale Completed

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Privacy Ninja

Privacy Ninja

Privacy Ninja is Singaporeโ€™s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.

More from Medium

The Ninja Senseiโ€™s Logbook: Browser-in-the-Browser Attack

The Ninja Senseiโ€™s Logbook

How Do Cybersecurity Principles Fit in Modern Application Design?

The Network Security Proโ€™s Guide to RSAC 2022

Protecting Your Website from Digital Chaos