Singapore: PDPC fines Larsen & Toubro SGD 7,000 for failure to ensure safety to personal data
The Personal Data Protection Commission ('PDPC') imposed, on 10 June 2021, a fine of SGD 7,000 (approx. €4,350) on Larsen & Toubro Infotech Limited. In particular, the PDPC highlighted that it had fined Larsen & Toubro for breach of the protection obligation under Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA'). Specifically, the PDPC found that Larsen & Toubro had not put in place reasonable security arrangements to prevent unauthorised disclosure of personal data and the disclosure of the personal data of job applicants without their consent.
Moreover, the PDPC noted that it considered the circumstances of the case and factors including those listed under Section 48J(6) of the PDPA, such as Larsen & Toubro's cooperation with investigations, its proactive review to identify additional historical breaches, and its prompt remedial actions when the PDPC imposed the fine under the PDPA. Finally, the PDPC outlined that Larsen & Toubro must make payment of the financial penalty within 30 days from 10 June 2021 and will not be required to take any further action to address the gaps in the security of its arrangements.