pdpc_decisions_version: 99
_id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
99 | 99 | 1 | 1016 | A warning was issued to FWD Singapore for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of 71 individuals’ personal data contained in payment advice letters which were sent to incorrect recipients. | [ "Protection", "Warning", "Finance and Insurance", "Letters", "Logic error", "Code review" ] | 2020-08-03 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/FWD-Singapore-Pte-Ltd---Summary-of-Decision---13032020.pdf | Protection | Breach of the Protection Obligation by FWD Singapore | https://www.pdpc.gov.sg/all-commissions-decisions/2020/08/breach-of-the-protection-obligation-by-fwd-singapore | 2020-08-03 | PERSONAL DATA PROTECTION COMMISSION Case No. DP-1907-B4352 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And FWD Singapore Pte Ltd SUMMARY OF THE DECISION 1. The Personal Data Protection Commission (the “Commission”) was notified on 26 July 2019 by FWD Singapore Pte Ltd (the “Organisation”) of the unintended disclosure of 71 individuals’ (the “Affected Individuals”) personal data contained in 42 payment advice letters sent to incorrect recipients between 20 June 2019 and 17 July 2019 (the “Incident”). 2. The Incident arose from the Organisation’s attempt to fix a logic error in the system that it used to generate payment advice letters. The error was introduced when a fix for an earlier logic error was deployed. The Commission found that the second logic error could have been detected if manual code review and unit testing had been conducted to a reasonable standard. 3. The second logic error caused the extraction of incorrect mailing addresses for payment advice letters in some circumstances. This resulted in the Affected Individuals’ names and identification numbers in payment advice letters being sent to incorrect addresses. The Organisation should have taken care in conducting its manual code review and unit testing to avoid another logic error. In the circumstances, the Deputy Commissioner for Personal Data Protection found the Organisation in breach of its Protection Obligation under section 24 of the Personal Data Protection Act 2012 (the “PDPA”). 4. The Deputy Commissioner took into account the following factors in deciding to issue a warning to the Organisation: a. The Organisation had managed to retrieve letters containing the personal data of 67 out of the 71 Affected Individuals. b. The Organisation voluntarily notified the Commission of the Incident. c. The second logic error resulted in the extraction of incorrect mailing addresses only in limited circumstances. 5. No directions are required as the Organisation took steps to improve its development processes to prevent the recurrence of the Incident. | Warning | bb248e5764c08e64f81212ce9f5a5c65012fd88c |