Two recent decisions by the Singapore PDPC. transgress of the protection obligation by ChampionTutor 14 Oct 2021 A financial penalty of $10,000 was imposed on ChampionTutor for failing to lay in shoes reasonable surety arrangements to protect personal data in its possession. The incident resulted in the personal data being exposed. The PDPC became aware that the firm’s data was being sold on the dark web and notified the entity, who had not known about it. investigation revealed that the entity had been aware of an SQLi vulnerability and had instructed its developers in India to address that, but the developers had not done so, leaving the firm vulnerable and eventually breached. Click�here to feel out more. transgress of the tribute Obligation by The National Kidney Foundation 14 Oct 2021 a warning was issued to The National Kidney substructure for failing to put in position reasonable security to protect the personal data in its possession. The incident resulted in personal data being downloaded. This was a case where an employee’s email account was hacked in 2020 after the employee fell for a phishing attack. The email account contained personal and sensitive information on approximately 500 people.� The investigation found that the substructure did not have a risk-based approach to identify employees whose role and functions required them to handle personal and sensitive information. Nor did the organisation use more secure hallmark processes to access email accounts. Click�here�to feel out more.