Singapore: PDPC fines Sendtech SGD 9,000 for failures to put in place reasonable security arrangements
The Personal Data Protection Commission ('PDPC') announced, on 21 September 2021, that it had imposed a financial penalty of SGD 9,000 (approx. €5,670) on Sendtech Pte. Ltd. for failing to put in place reasonable security arrangements to protect personal data from unauthorised access. In particular, the PDPC noted the Sendtech failures had resulted from a compromised access key to their Amazon web services which affected the personal data of 64,196 customers and 3,401 contractors, including the contractors' employees. Furthermore, the PDPC found Sendtech had contravened the protection obligation under Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012).