You are here
CDP fined S$32,000 for personal data breaches over dividend cheques sent to outdated addresses
THE Central Depository (CDP) has been fined S$32,000 for personal data breaches when it mailed some dividend cheques to outdated addresses, putting some 200 account holders at risk of having their personal data disclosed.
The unit of Singapore Exchange, which provides clearing, counterparty guarantee and depository services for securities transactions, mailed dividend cheques to possibly 211 CDP account holders at their outdated addresses last year.
The number of CDP account holders was deduced from the number of dividend cheques not presented for payment, according to a written decision by the Personal Data Protection Commission dated March 30 but published only two days ago.
The information disclosed in the mailers included account holders' names, NRIC numbers and dividend amounts.
The CDP's slip-up came after the firm migrated its software system in late 2018, and the new software captured both the updated addresses of account holders as well as their historical addresses. A CDP account holder complained when the cheque for his or her dividends was sent to an outdated address and the slip-up came to light.
Besides CDP, Singapore Accountancy Commission and education provider MDIS Corporation were also fined S$5,000 and S$10,000 respectively for breach of the Personal Data Protection Act, while another six organisations were warned for failing to put in place reasonable security arrangements to prevent unauthorised disclosure of personal data.