Singapore's Central Depository among three bodies fined $47,000 in total for not securing personal data

CDP received the biggest fine of $32,000. - ST/BT

SINGAPORE (The Straits Times/ANN): The Central Depository (CDP) and two other organisations have been fined a total of S$47,000 for breaching data privacy laws.

The CDP received the biggest fine of $32,000 after it mailed dividend cheques to outdated addresses, putting more than 200 account holders at risk of having their personal data disclosed.

According to a written decision by the Personal Data Protection Commission (PDPC) published on its website on Monday (Aug 3), the CDP had mailed the cheques containing personal information such as names and NRIC numbers to outdated addresses after it migrated its software system in December 2018.

Tests of the new system, which captured account holders' updated addresses as well as historical addresses, did not include the scenario of a change of address in the automated generation of dividend cheque mailers.

This led to the mailing of dividend cheques to possibly 211 CDP account holders at their old addresses -- a number deduced from the number of cheques not presented for payment.

The data breach was revealed after an account holder complained in March last year that the CDP had sent a dividend cheque to an outdated address.

The two other organisations are the Singapore Accountancy Commission (SAC) and education institute MDIS Corporation, which were fined $5,000 and $10,000 respectively for their breaches.

In the case of the SAC, a folder containing personal data of 6,541 Singapore Chartered Accountant Qualification programme personnel and candidates was mistakenly enclosed in e-mails sent to 41 unintended recipients.

As for MDIS, the information of more than 300 people, who had provided their personal data to register for its courses, was publicly available on its website. The slip-up came to light when one of those affected discovered that she was able to access a spreadsheet containing the information through a Google search of her NRIC number.

Meanwhile, another five organisations, including insurance provider FWD Singapore and beauty group Jean Yip Salon, were given warnings for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data.

The PDPC, Singapore's privacy watchdog, released documents relating to these cases on its website on Monday. - The Straits Times/Asia News Network

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


100% readers found this article insightful

Next In Aseanplus News

Asean News Headlines as at 6pm on Saturday (Jan 23)
Lengthy jail terms given to men involved in Vietnamese truck deaths
‘Useless Edison’, DIY video star, sorry for making torture device replica after outcry from women on social media
Pandemic helps reduce Jakarta’s traffic woes; Indonesia's Covid-19 total surges past 977,000
Covid-19: Record high of 4,275 cases, seven more deaths
EU lawmakers condemn Vietnam over human rights crackdown
Vietnam emerges as attractive Asian destinations, say expert
WHO agrees to buy up to 40 million vaccine doses from Pfizer
Dr M not hospitalised, says aide
Singapore: Senior citizens to be vaccinated from Jan 27, only 10 imported Covid-19 cases reported on Sat (Jan 23)

Stories You'll Enjoy