The Personal Data Protection Commission (PDPC) has issued $66,000 in fines after finding seven organisations, including Singtel and SPH Magazines, in breach of data protection laws in Singapore.
The telecommunications giant received a penalty - and not for the first time - of $9000 for failing to put in place "reasonable security arrangements" to prevent the unauthorised disclosure of personal data of some customers via its My Singtel mobile application.
Meanwhile, SPH Magazines was hit with a $26,000 fine for failing to prevent the unauthorised access of personal data of members on its HardwareZone forum site, impacting 685,000 users.
Aligned to the Personal Data Protection Act (PDPA), a financial penalty of $16,000 was also imposed on Royal Caribbean Cruises in Asia for not protecting the personal data of its customers, which was subjected to a ransomware attack.
Finally, a $15,000 fine was imposed on the SCAL Academy for failing to protect the personal data of individuals on its website, individual who has provided personal data for registration purposes to attend courses, seminars or workshops.
In a round of decisions published on 11 February, directions were also imposed on Henry Park Primary School Parents' Association for breaching the "Protection and Accountability Obligations" of the PDPA.
“First, the organisation failed to put in place reasonable measures to protect its members’ personal data,” a commission ruling stated. “Second, it did not appoint a data protection officer. Lastly, it did not have written policies and practices necessary to ensure its compliance with the PDPA.
Furthermore, warnings were issued each to NTUC Income and AXA Insurance. Specific to NTUC Income, 123 users received automated acknowledgement emails attached with files containing personal data belonging to 17 individuals. Meanwhile at AXA Insurance, the personal data of 87 individuals was sent in an email to an unintended recipient.