01/10/2022 | News release | Distributed by Public on 01/10/2022 05:32
2. Out of these, two cases were found to be in breach of the Personal Data Protection Act (PDPA) for failing to notify and obtain consent from individuals before selling their personal data to third parties for telemarketing purposes. One of the cases involved a company, which was fined $48,000. The other involved an individual who was fined $6,000. Both were directed to cease their actions and rectify their data protection practices. A third case involving a company was investigated but no breach was found. The company was advised on how to improve its data collection practices and how to communicate its Privacy Policy to users more effectively.
3. PDPC takes a firm stance against the unauthorised sale of personal data, so as to safeguard against harms to the public, such as identity theft and unsolicited calls. Organisations purchasing contact lists must do their due diligence to ensure that the sale is authorised, and that the data is sufficiently accurate and updated for their purposes.