Singapore: PDPC issues warning to Specialized Asia Pacific for data security failure
The Personal Data Protection Commission ('PDPC') issued, on 21 September 2021, a warning to Specialized Asia Pacific Pte Ltd for failure to put in place reasonable security arrangements to protect the personal data of 2,445 application users from unauthorised access. In particular, the PDPC noted as a result of the undetected default privacy setting of 'visible' the personal information of the application users including names, addresses, dates of birth, telephone numbers, and email addresses were put at risk.
In its assessment of the above, the PDPC found that Asia Pacific failed to ensure online tools or software were set or privacy policies and security features reconfigured to protect the personal data of application or website users in breach of Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA'). Upon consideration of the facts, the PDPC highlighted that it decided to issue a warning as there was limited exposure of the affected data to those who knew how to use the third-party software to access information via the default privacy setting and Asia Pacific had commited to improving its processes.