As cybercrime rises, data breach fines may exceed $1 million

Article Banner

In the wake of the pandemic, cybersecurity risks have risen dramatically. Not only has the number of reported data breaches gone up, but the size of the breaches has also increased.

This is the assessment of Ng Quan Cheng, who is Manager, IT InfoSec, and the Data Protection Officer (DPO) at Straits Interactive, which set up and supports the Data Protection Excellence (DPEX) Network community.

In recent years, both firms and individuals in Singapore have faced increasing cyber threats and online scams such as phishing and ransomware attacks. In fact, an August report by the Cyber Security Agency of Singapore (CSA) highlighted a 54 percent jump in ransomware cases and a 17 percent increase in phishing cases.

This followed an April announcement by the CSA that a recurring tech support scam had tricked at least 154 victims since January of at least SGD7.1 million.

2020 PDPA amendments take effect 1 Oct

In March this year, Ms Josephine Teo, Minister for Communications and Information and Minister-in-charge of the CSA and Smart Nation Initiative, confirmed that amendments to Singapore’s Personal Data Protection Act (PDPA) would Fa.

The most notable of the amendments, which were passed in parliament in November 2020, but held back from implementation until now due to pandemic-induced economic uncertainty, is the raising of maximum financial penalties for data breaches to SGD1 million, or 10% of local annual turnover for organisations with turnover exceeding SGD10 million, whichever is higher.

In other words, if your organisation’s local annual turnover is above SGD10 million, the maximum financial penalty is now 10% of that turnover and hence possibly above SGD1 million.

This increase in fines, the Minister said, is to uphold public trust in organisations that handle personal data in their business operations, and to ensure that they continue to take ownership and be held accountable for protecting such data.

Expect larger fines for upcoming data breaches

Straits Interactive’s DPO Ng noted that recent data breaches might have potentially incurred fines in excess of SGD1 million, had the amendments been implemented earlier.

Last year, hotel booking platform RedDoorz was found to have compromised the security of 5.9 million customer records in the largest data breach incident in Singapore since the PDPA was enacted in 2012. The company was assessed an SGD74,000 fine.

Currently, the Personal Data Protection Commission has imposed the largest fines on Secur Solutions Group ($120,000), SingHealth ($250,000), and IHiS ($750,000) for the breach of the protection obligation, the most commonly breached

Already a member?  
Unlock these benefits

Get access to news, enforcement cases, events, and actionable tips and guides


Get regular email updates and offers


Job opportunities, mentorship and career guidance


Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin

Related Articles