Singapore: PDPC issues warning to FWD Singapore for failure to put in place reasonable security arrangements
The Personal Data Protection Commission ('PDPC') issued, on 3 August 2020, a warning to FWD Singapore Pte Ltd for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of 71 individuals' personal data contained in payment advice letters which were sent to incorrect recipients in breach of Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012). In particular, the PDPC noted that the unauthorised disclosure arose from a logical error which FWD Singapore should have taken care to avoid by conducting its manual code review and unit testing. Moreover, the PDPC highlighted that it had not issued any direction to FWD Singapore as they have implemented steps to improve their development processes to prevent the recurrence of such an incident.
You can read the decision here.