The Ninja Sensei’s Logbook: PDPC Decisions & Undertakings in April 2022

PDPC has published this month’s decisions and undertakings on their official website.

Two organisations were ordered to pay a financial penalty, one was handed directions, and another submitted an undertaking, which the Commission accepted.

GeniusU and Trinity Christian Centre to pay whopping fines
GeniusU’s database was infiltrated due to a compromised developer password. This affected the personal data of approximately 1.26 million users. For failing to protect the personal data under its control, GeniusU was ordered to pay a whopping S$35,000.

Trinity Christian Centre, on the other hand, was ordered to pay S$20,000 for also failing to protect the personal data under its control. Its database servers were infected with ransomware, which affected the personal data of 72,285 individuals housed on those servers.

Directions for ACL Construction, Undertaking by Jade-E Services
ACL Construction suffered a data breach, but the breached data constituted only “business contact information” and not personal data.

This would have been enough for the matter to be closed, but the PDPC found out that the organisation failed to appoint a Data Protection Officer (DPO). The organisation was only handed directions given the nature of its business.

Jade-E Services incorrectly sent email marketing to addresses belonging to those who had already withdrawn their consent to receive such marketing emails. In the aftermath of the incident, the company submitted an undertaking which the Commission accepted.

What can we learn from these cases?

👉 Keep your passwords strong and unique across all accounts.
👉 Regularly scan your system for vulnerabilities.
👉 Appoint a Data Protection Officer (DPO) — mandatory for ALL organisations in Singapore.
👉 Cooperate with your DPO to develop a culture of cyber wellness.
👉 Make good cyber hygiene a must for your employees, especially those who handle personal data in your possession.

P.S. For any further questions or if you need help with your cybersecurity and data protection compliance journey, don’t hesitate to reach out to us. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250
📧 Email: ninjas@privacy.com.sg

This post first appeared on Andy’s LinkedIn wall.
