Popular search terms
Click each term for related articles
Asia Pacific
Data Protection & Privacy
The Singapore Personal Data Protection Commission (“PDPC”) published its latest enforcement decisions and voluntary undertakings last Friday (10 March 2023).
In total, there were 2 enforcement decisions (Eatigo case and Sembcorp Marine case) and 1 voluntary undertaking (Putien Restaurant case) published.
In this client update, we summarise the decisions and undertakings and present our key takeaways.
Key takeaways:
There are several key takeaways from these recent decisions and undertaking:
Name of Decision / Undertaking |
Summary of Incident |
Type of Potential Breach of the PDPA
|
Complaint / Self-reported |
Number of affected individuals; Types of personal data affected |
Outcome |
Eatigo International Pte. Ltd.
|
Personal data breach
A cache of personal data that was suspected to be from Eatigo’s database was being offered for sale on an online forum. |
Protection Obligation
|
Complaint by a third party |
2.74 million individuals
Personal data affected were:
|
|
Sembcorp Marine Ltd |
Personal Data breach
Sembcorp was the subject of a data breach involving an exploitation of the Log4J zero-day vulnerability which affected millions of computers worldwide in late 2021/early 2022.
|
Protection Obligation
The PDPC held that Sembcorp Marine had made reasonable security arrangements to protect personal data it possessed and/or controlled because:
|
Self-reported |
25,925 individuals
Personal data affected included:
|
|
Putien Restaurant Pte. Ltd. |
Personal Data Breach
|
Protection Obligation
|
Self-reported |
350 individuals
Personal data affected:
|
|
To discuss what this latest development in data protection enforcement decisions and undertakings may mean to you, please reach out to the author below:
End