Search
  • Straits Interactive

“Testing, Testing and more Testing...” - A study on PDPC Enforcement Cases

By: Josiah Poh (CIPM, CIPP/A, CIPT, CIPP/E, FIP), Senior Manager (Consultancy & Legal), Data Protection Officer, Straits Interactive Pte Ltd



After a couple of months’ hiatus, Singapore’s Personal Data Protection Commission published a total of eight enforcement decisions on their website. This article provides summaries of two enforcement decisions that resulted in the two highest financial penalties in this set of enforcement decisions and the learning points for all DPOs and privacy professionals to heed.


As the title of this article suggests, these two decisions set the expectations by the regulator on what organisations need to do when rolling out new information systems or solutions that involve the collection, usage, disclosure and storage of personal data.



MDIS Corporation Pte Ltd [2020] SGPDPC 11


WHAT HAPPENED: PDPC acted upon two complaints in 2019 from an individual who did a vanity search of her NRIC that she was able to access an Excel spreadsheet containing personal data of course participants who had signed up for courses with MDIS Corporation. This spreadsheet contained personal data of 304 individuals such as name, NRIC, citizenship and email addresses. The spreadsheet was linked to an online form on MDIS’ website.



... continue reading

10 views
  • Facebook
  • YouTube

QUICK LINKS

CONTACT US

SINGAPORE

43D Beach Road Singapore 189681
Tel: +65 6815 8010
Fax: +65 6717 4885
Email: sales@straitsinteractive.com

MALAYSIA
Tel: + 603 9212 8533
Email: malaysia.sales@straitsinteractive.com

PHILIPPINES
Tel: + 63 91 7515 0369
Email: philippines.sales@straitsinteractive.com

Copyright © 20 Straits Interactive Pte Ltd. All rights reserved. 
All third party trademarks (including logos and icons) referenced remain the property of their respective owners.