Jurisdiction - Singapore
Singapore – Data Leak Should Prompt Companies To Review Security Measures, Says Expert.

24 September, 2014


The first data leak in Singapore to be reported in the media since the introduction of new data protection laws in the country should serve to warn businesses about their obligations to the security of personal data they are responsible for under the new regime, an expert has said.


Earlier this week Channel News Asia reported that the data of more than 317,000 customers of K Box Singapore, a karaoke entertainment provider, had been emailed to some media outlets in the country.


Customer information including K Box members’ phone numbers, email addresses, dates of birth and marital status was among the data leaked, Channel News Asia reported.


In a statement reported by the news outlet, Sinagpore’s data protection watchdog, the Personal Data Protection Commission (PDPC), said the Personal Data Protection Act in Singapore requires companies to take steps to preserve the security of personal information.


Data protection law specialist Bryan Tan of Pinsent Masons MPillay, said: “We note that the data breach has drawn the attention of the regulators even though these were the result of malfeasance on the part of third parties. It must be remembered that while organisations are required to only use collected personal data with consent, which is not the case here, they also have a separate duty to undertake reasonable security measures.”


Under the Personal Data Protection Act, organisations are obliged to “protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks”.


The PDPC has a range of sanctions open to it should businesses fail to adhere to rules set out under the Act. One option includes ordering businesses to pay a fine of up to SIN 1m (USD 800k).


In a separate recent case, Singapore mobile operator M1 confirmed that a “potential security breach” within its ordering system had been identified and fixed. The company had temporarily suspended orders from consumers for Apple’s new iPhone devices “as a precaution to protect our customers’ personal information”.


“M1 places the utmost priority in protecting our customer data and privacy and has implemented strict processes and procedures to safeguard customer information including regular security audits,” M1 said in a statement, according to a report by ZDNet. “We will be conducting a full review on this incident, and we sincerely apologize for the inconvenience caused.”


Pinsent Msaons MPillay


For further information, please contact:


Marc Dautlich, Partner, Pinsent Masons

[email protected]


Cerys Wyn Davies, Partner, Pinsent Masons

[email protected]


Homegrown TMT Firms in Singapore

Comments are closed.