Four errant firms fined for unauthorised disclosure of customers' personal data

Seven other companies were issued warnings.

Financial penalties have been imposed on four companies for breaching the Personal Data Protection Act, with fines ranging from $5,000 to $50,000.

The Personal Data Protection Commission (PDPC) said in a release that the biggest fine was levied against karaoke outlet chain operator K Box Entertainment. K Box's failure to implement proper and adequate protective measures to secure its IT system resulted in unauthorised disclosure of the personal data of 317,000 K Box members.

K Box's data intermediary, Finantech Holdings, was also fined $10,000.

Meanwhile, the Institution of Engineers, Singapore was fined $10,000 for failing to implement proper and adequate protective measures to secure its IT system, resulting in unauthorised disclosure of the personal data of more than 4,000 members.

Fei Fah Medical Manufacturing was fined $5,000 for failing to implement proper and adequate protective measures to secure its website and server, which resulted in unauthorised disclosure of the personal data of more than 900 customers.

The firms which were issued warnings include Universal Travel Corporation, which disclosed a passenger list that exposed the personal data of 37 passengers without consent. Challenger Technologies and its data intermediary Xirlynx Innovations were also issued warnings for failing to prevent unauthorised disclosure of Challenger members’ personal data while sending out emails to some 165,000 members.

Other firms that were issued warnings include Full House Communications, Metro, Singapore Computer Society, and YesTuition Agency.