Financial penalties of $18,000 were issued to COURTS, Vimalakirti Buddhist Center and Tanah Merah Country Club for breaching the data protection obligation, and notices were issued to MRI Diagnostics, Horizon Fast Ferry and Chan Brothers Travel. Similarly, instructions were given to the Security Masters. A warning was issued to Interauct! for violating its retention obligation and instructions were given to Clarity Radiology for violating its liability obligation.
Breach of the Protection Obligation by Security Masters
Directions were issued to Security Masters for failing to put in place reasonable security arrangements to prevent the unauthorised access of building visitors’ mobile numbers. A security personnel contacted the visitors to request return of visitor passes and send them Chinese New Year greetings.
Breach of the Retention Obligation by Interauct!
A warning was issued to Interauct! for retaining personal data which was no longer necessary for legal or business purposes.
Breach of the Protection Obligation by Chan Brothers Travel
A warning was issued to Chan Brothers Travel for failing to put in place reasonable security arrangements to protect the personal data of individuals on its website. The result was that the personal data of over 5,500 individuals were accessible through online web search engines.
Breach of the Protection Obligation by Tanah Merah Country Club
A financial penalty of $4,000 was imposed on Tanah Merah Country Club for failing to put in place reasonable security arrangements to protect the personal data of individuals stored on its electronic direct mail (“EDM”) system. The common password for login to the EDM system was weak and had not been changed since 2010. There were also no arrangements in place to ensure and enforce password strength, expiry and protection.
An application for reconsideration was filed against the decision Re Tanah Merah Country Club. Upon review and careful consideration of the application, directions in the decision were varied.
Breach of the Protection Obligation by Vimalakirti Buddhist Centre
A financial penalty of $5,000 was imposed on Vimalakirti Buddhist Centre for failing to put in place reasonable security arrangements to protect the personal data of its members and non-members from unauthorised disclosure. The incident resulted in the personal data being subjected to a ransomware attack.
Breach of the Protection Obligation by Horizon Fast Ferry
A warning was issued to Horizon Fast Ferry for failing to put in place reasonable security arrangements to protect the personal data in the Organisation’s email account.
Breach of the Protection Obligation by MRI Diagnostics and Breach of the Accountability Obligation by Clarity Radiology
A warning was issued to MRI Diagnostics for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data of approximately 4,099 individuals which were publicly available via the internet.
Breach of the Protection Obligation by COURTS
A financial penalty of $9,000 was imposed on COURTS for failing to put in place reasonable security arrangements to protect the personal data of its members from unauthorised disclosure on its website. Some members were able to gain access to personal data of another member via a link in an email sent by COURTS.
Breach of the Protection Obligation by Singapore Medical Association
A warning was issued to the Singapore Medical Association for failing to put in place reasonable security arrangements to prevent the unauthorised access of 68 individuals’ personal data which were forwarded to an external email address without authorisation.