• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

PDPC imposes S$8,000 fine on law firm for incorrect disclosure of clients’ personal data via emails

by The Online Citizen
11/06/2019
in Tech
Reading Time: 3 mins read
0

Woman using smartphone and laptop with icon graphic Cyber security network of connected devices and personal data security from Shutterstock.com

The Personal Data Protection Commission (PDPC) has issued an S$8,000 fine against a law firm after an administrative staff was found sending email correspondences meant for a client to an incorrect email address by mistake on two separate occasions in 2017.

A third email correspondence was mistakenly sent by Matthew Chiong Partnership’s Managing Partner and Data Protection Officer to the client with an attachment, which had mistakenly contained the names of two other clients of the firm.

Citing Commissioner Tan Kiat How’s grounds of decision, Deputy Commissioner Yeong Zee Kin stated in a case report on Mon (3 Jun) that Matthew Chiong Partnership that the real estate and property law firm was found to have breached its Protection Obligation and Openness Obligation under Section 24 of the Personal Data Protection Act 2012 (PDPA).

Sensitive personal information such as the client’s bank name, the NRIC numbers of the both the client and her sister, the loan account number of the bank, repayment information and collateral information were among the personal data that were wrongly disclosed as a result of the lapse.

“The disclosure of such information could have led to harm to the Complainant [the client affected by the data breach] and Sister [the client’s sister], as such financial information could have exposed the Complainant and Sister to the risk of fraud and identity theft.

“As such, the personal data of the Complainant and Sister which had been disclosed, when taken as a whole, constituted sensitive personal data,” according to the Commission.

The Deputy Commissioner added in his report: “Since the Organisation is in the business of providing legal services, and handles large volumes of personal data on a day to day basis, the Organisation and its staff members should be vigilant in its handling of personal data.”

“The fact that the same administrative staff managed to send the emails to the incorrect email address on two separate occasions within a period under one month […] despite being told of the mistake demonstrated that a culture of care and responsibility towards the handling of the personal data had not been sufficiently ingrained within the Organisation,” stressed the Deputy Commissioner in his report.

The Commission had also rejected the firm’s argument that the lapse was “a one-off mistake”.

Citing Re Furnituremart.sg [2017] SGPDPC 7, in which it was found that the organisation lacked the necessary policies and practices to protect personal data, the Commissioner concluded that Matthew Chiong Partnership’s mistake cannot be considered a “one-off inadvertent disclosure”, as it was found that the firm has failed to “implement reasonable security arrangements”.

“In response to the Commissioner’s request of the details of the Organisation’s security arrangements, the Organisation stated that:

(i) all employees were briefed on the need to keep private and confidential personal data of their clients on a regular basis; and

(ii) all employees were advised to cut and paste email addresses of clients from a legitimate source of information or click the “Reply” function to the email sent from a client rather than typing in the email addresses.

“However, the Organisation was unable to provide any evidence of such briefings to its employees,” the Commission’s report revealed.

The Commission added that a law firm such as Matthew Chiong Partnership must be subject to “a higher level of care and responsibility”, given that “a law firm and the staff handling conveyancing matters handle sensitive personal data on a day-to-day basis” and thus could have anticipated “risks of inadvertent disclosure of sensitive personal data”.

The Commission also found that “internal”, “verbal” staff briefings were insufficient in fulfilling the firm’s obligations under Section 12 of the PDPA, given that “an organisation should have some form of written policy or practice in place in relation to protecting personal data, especially if the process is complex or if the organisation frequently deals with sensitive personal data on a daily basis”.

“A well-drafted written policy has the advantage over verbal instruction of being a resource that can generally be subsequently relied upon to provide clarity about the appropriate procedures and controls to employees and help minimize the chance for any misunderstanding or miscommunication.

“This may take the form of written standard operating procedures in dealing with personal data, which would set out the operational process of how employees should deal with personal data to prevent data protection breaches,” suggested the Commission.

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.

Related Posts

A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?
Opinion

A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?

03/02/2023
AFP

Myanmar junta imposes tough new measures on resistance strongholds

03/02/2023
Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently
Malaysia

Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

03/02/2023
Why is Gautam Adani’s Indian empire in turmoil?
AFP

Adani turmoil a key test for Modi’s India Inc

03/02/2023
Kajang cops chided for denying woman access to police HQ because she was wearing shorts
Community

Kajang cops chided for denying woman access to police HQ because she was wearing shorts

03/02/2023
Adani’s brother runs SG company and registers as director with local ID
Current Affairs

Adani’s brother runs SG company and registers as director with local ID

03/02/2023
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
0 Comments
Inline Feedbacks
View all comments

Latest posts

A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?

A man can be sentenced to death by a testimony of another, but CPIB finds it hard to prosecute with mountain of evidence and self-confession?

03/02/2023

Myanmar junta imposes tough new measures on resistance strongholds

03/02/2023
Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

03/02/2023
Why is Gautam Adani’s Indian empire in turmoil?

Adani turmoil a key test for Modi’s India Inc

03/02/2023
Kajang cops chided for denying woman access to police HQ because she was wearing shorts

Kajang cops chided for denying woman access to police HQ because she was wearing shorts

03/02/2023
Adani’s brother runs SG company and registers as director with local ID

Adani’s brother runs SG company and registers as director with local ID

03/02/2023
Minister Tan See Leng only reveals 500 intra-corporate transferees from India for last year – a Covid year

Increasing number of working Permanent Residents in Singapore but with a stable PR population

03/02/2023

A multi-party parliament is the only way to make sure that Singapore continues to not condone or tolerate corruption

03/02/2023

Trending posts

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

by Yee Loon
30/01/2023
25

...

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

by Yee Loon
26/01/2023
24

...

They have done a fine job of confusing us about the jobs situation

They have done a fine job of confusing us about the jobs situation

by Augustine Low
01/02/2023
36

...

Two Indian nationals paid about S$330 and S$730 respectively for forged certificates submitted in their S-Pass application

MOM found issuing EPs meant for foreign PMETs to PRC waitress and general worker

by Correspondent
26/01/2023
41

...

Singapore warns slower economic growth in 2023

Less than 1 in 10 jobs created in first three quarters of 2022 went to Singaporeans?

by Leong Szehian
28/01/2023
69

...

Excessively charging for an essential need, and calling it affordable because people still can pay for it?

by Terry Xu
31/01/2023
39

...

June 2019
M T W T F S S
 12
3456789
10111213141516
17181920212223
24252627282930
« May   Jul »

The Online Citizen is a regional online publication based in Taiwan and formerly Singapore’s longest-running independent online media platform.

Navigation

  • Editorial
  • Commentaries
  • Opinion
  • Politics
  • Community

Support

  • Contact Us
  • Letter submission
  • Membership subscription

Follow Us

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • Fact Checking Policy
  • Privacy Policy

© 2022 - 2023 The Online Citizen Asia

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2022 - 2023 The Online Citizen Asia

wpDiscuz