Singapore: PDPC issues warning to Jean Yip Salon for failing to put in place reasonable security arrangements
The Personal Data Protection Commission ('PDPC') announced, on 3 August 2020, that it had issued a warning to Jean Yip Salon Pte Ltd for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data of 28 of its employees in breach of Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012). In particular, the PDPC highlighted that Jean Yip Salon had opened public access to a server without ascertaining what it hosted, and therefore had inadvertently allowed access to the internal system. Furthermore, the PDPC found that there were no processes in place to remove or deactivate unnecessary user accounts and that Jean Yip Salon did not enforce a password policy for user accounts.
You can read the decision here.