The Ninja Sensei’s Logbook: PDPC Decisions & Undertakings in April 2022
PDPC has published this month’s decisions and undertakings on their official website.
Two organisations were ordered to pay a financial penalty, one was handed directions, and another one had released an undertaking which the Commission received.
𝐆𝐞𝐧𝐢𝐮𝐬𝐔 𝐚𝐧𝐝 𝐓𝐫𝐢𝐧𝐢𝐭𝐲 𝐂𝐡𝐫𝐢𝐬𝐭𝐢𝐚𝐧 𝐂𝐞𝐧𝐭𝐫𝐞 𝐭𝐨 𝐩𝐚𝐲 𝐰𝐡𝐨𝐩𝐩𝐢𝐧𝐠 𝐟𝐢𝐧𝐞𝐬
GeniusU’s database was infiltrated due to a compromised developer password. This affected the personal data of approximately 1.26 million users. For failing to protect the personal data under its control, GeniusU was ordered to pay a whopping S$35,000.
Trinity Christian Centre, on the other hand, was ordered to pay S$20,000 for also failing to protect the personal data under its control. Its database servers were infected with ransomware, which affected the personal data of 72,285 individuals housed on those servers.
𝐃𝐢𝐫𝐞𝐜𝐭𝐢𝐨𝐧𝐬 𝐟𝐨𝐫 𝐀𝐂𝐋 𝐂𝐨𝐧𝐬𝐭𝐫𝐮𝐜𝐭𝐢𝐨𝐧, 𝐔𝐧𝐝𝐞𝐫𝐭𝐚𝐤𝐢𝐧𝐠 𝐛𝐲 𝐉𝐚𝐝𝐞-𝐄 𝐒𝐞𝐫𝐯𝐢𝐜𝐞𝐬
ACL Construction suffered a data breach, but the breached data only constitutes “business contact information” and not personal data.
This would have been enough for the matter to be closed, but the PDPC found out that the organisation failed to appoint a Data Protection Officer (DPO). The organisation was only handed directions given the nature of its business.
Jade-E Services incorrectly sent email marketing to addresses belonging to those who had already withdrawn their consent to receive such marketing emails. In the aftermath of the incident, the company submitted an undertaking which the Commission accepted.
𝐖𝐡𝐚𝐭 𝐜𝐚𝐧 𝐰𝐞 𝐥𝐞𝐚𝐫𝐧 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞𝐬𝐞 𝐜𝐚𝐬𝐞𝐬?
👉 Keep your passwords strong and unique across all accounts.
👉 Regularly scan your system for vulnerabilities.
👉 Appoint a Data Protection Officer (DPO) — mandatory for ALL organisations in Singapore.
👉 Cooperate with your DPO to develop a culture of cyber wellness.
👉 Make good cyber hygiene a must for your employees, especially those who handle personal data in your possession.
📱 WhatsApp: +65 8750 4250
📧 Email: firstname.lastname@example.org