On 10 November, Singapore’s Personal Data Protection Commission (PDPC) published details of financial penalties it had imposed on two companies, Tokyo Century Leasing and Ascentis, both of which were fined for their alleged failure to apply reasonable security arrangements to safeguard personal data. 

Tokyo Century Leasing was fined SGD 82,000 (approx. GBP 48,540) after suffering a ransomware attack reportedly caused by outdated software. Over 141,000 people were affected by the attack. 

Ascentis was fined SGD 10,000 (GBP 5,920). The company outsourced development of software to a third party that allegedly failed to implement adequate security controls. The software was found to be behind a recent data breach at Starbucks affecting over 332,000 people. 

Alongside these decisions, the PDPC also focused on rectifying the data breach incident involving Starbucks. The commission issued an undertaking, accepting Starbucks’ plan to remedy the breach and address systemic shortcomings in its data protection practices.

These actions by the PDPC emphasise the importance of stringent data protection measures and the consequences of failing to comply with established standards. The fines and acceptance of the remediation plan highlight the PDPC’s commitment to enforcing robust data protection policies in Singapore, ensuring consumer data safety. 

As a global B Corp Data Protection Officer (DPO), we help organisations maintain compliance with global data protection and privacy regulations. We have Subject Matter Experts who can support you with any queries you may have in relation to Singapore’s data protection regulations.

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at dpo@hewardmills.com.