Notable names among firms rapped for lapses in data security

The heaviest fine of $50,000 was slapped on karaoke chain K Box for a data breach involving 317,000 customers.
The heaviest fine of $50,000 was slapped on karaoke chain K Box for a data breach involving 317,000 customers.PHOTO: ST FILE

Singapore's privacy watchdog has cracked down on organisations that collected personal data from their customers and members, but failed to take adequate steps to protect such information.

It is the first time the Personal Data Protection Commission (PDPC) has revealed action taken against rule-breakers since the law took full effect in July 2014.

Four organisations were fined and seven warned for failing to secure the personal data of consumers, the watchdog said yesterday.

The heaviest fine of $50,000 was slapped on karaoke chain K Box for a data breach involving 317,000 customers, resulting in their details being posted on file-sharing website pastebin.com in September 2014. Its IT vendor, Finantech Holdings, was fined $10,000.

PDPC chairman Leong Keng Thai said that organisations were free to use consumers' personal data to deliver better customer service.

"The key is to use it responsibly and take appropriate actions to protect it," said Mr Leong.

Industry body Institution of Engineers Singapore and health supplements supplier Fei Fah Medical Manufacturing were fined after the personal data of their members and customers was wrongfully disclosed.

Organisations warned for lapses in securing data include IT retail chain Challenger Technologies, the Singapore Computer Society and Metro.

Lawyer Bryan Tan of Pinsent Masons MPillay said that organisations were either ignorant or plain careless.

The enforcement followed 667 complaints to the PDPC - mostly that data had been wrongfully collected or used.

A version of this article appeared in the print edition of The Straits Times on April 22, 2016, with the headline 'Notable names among firms rapped for lapses in data security'. Print Edition | Subscribe