Support Centre

You have out of 10 free articles left for the week

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Singapore: PDPC issues warning to Specialized Asia Pacific for data security failure

The Personal Data Protection Commission ('PDPC') issued, on 21 September 2021, a warning to Specialized Asia Pacific Pte Ltd for failure to put in place reasonable security arrangements to protect the personal data of 2,445 application users from unauthorised access. In particular, the PDPC noted as a result of the undetected default privacy setting of 'visible' the personal information of the application users including names, addresses, dates of birth, telephone numbers, and email addresses were put at risk.

In its assessment of the above, the PDPC found that Asia Pacific failed to ensure online tools or software were set or privacy policies and security features reconfigured to protect the personal data of application or website users in breach of Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA'). Upon consideration of the facts, the PDPC highlighted that it decided to issue a warning as there was limited exposure of the affected data to those who knew how to use the third-party software to access information via the default privacy setting and Asia Pacific had commited to improving its processes.

You can read the press release here and the decision here.