This month, the Commission has issued three Undertakings.

The new Undertakings reveals breaches stemming from various ransomware attacks due to the insufficient security IT measures implemented, affecting the personal data of over 690,000 individuals.

In response, the affected organisations are to implement remediation plans to rectify the immediate breach and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:

• Enforce a stricter password policy requiring strong and unique passwords for all accounts
• Implementing Multi-Factor Authentication (MFA)
• Engaging a DPE service provider to implement basic data protection and cybersecurity measures
• Conduct training sessions for employees to raise their awareness on data protection and cybersecurity best practices

The PDPC has accepted these undertakings having considered the number of affected individuals, the types of personal data involved and the impact of the Incident.

Access the Undertakings here.