Karaoke entertainment operator K Box may have to brace itself for regulatory action after analysts said that it might have fallen foul of the national Personal Data Protection Act (PDPA).
A group calling themselves The Knowns sent several media outlets, including MediaCorp, an email containing links to a database purportedly holding the personal details of more than 317,000 members. The list includes names of K Box members as well as their contact numbers, email addresses, NRIC numbers, dates of birth and marital status.
Gartner’s Principal Research Analyst Anmol Singh said K Box might be in breach of Section 24 of the PDPA. According to the advisory guidelines on the PDPA by the Personal Data Protection Commission, Section 24 refers to a company’s “protection obligation” when handling customer information.
The clause states: “An organisation must protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.”