Singapore's privacy watchdog fined ride-hailing app Grabcar
S$10,000, saying a 2019 update put the data of some users at risk of
unauthorised access.
SINGAPORE
(Reuters) - Singapore's privacy watchdog fined ride-hailing app Grabcar
S$10,000 ($7,310), saying a 2019 update put the data of some users at risk of
unauthorised access in what the watchdog said was a fourth breach of data
privacy regulations and "a significant cause for concern".
In a filing published on Sept. 10, the Personal Data Protection Commission
(PDPC) said the update risked the personal data of 21,541 drivers and
passengers, including profile pictures, names and vehicle plate numbers,
related to carpooling service GrabHitch.
Grabcar, a unit of
Southeast Asia's largest startup Grab Holdings, rolled back the app to the
previous version within about 40 minutes and took other remedial action, the
PDPC said.
"Given that
the organisation's business involves processing large volumes of personal data
on a daily basis, this is a significant cause for concern," the PDPC said.
The regulator also
directed Grab to put in place a data protection by design policy, where data
protection measures are considered and built into tech systems as they are
being developed.
In a statement in
response to Reuters' query on Sunday, Grab said: "To prevent a recurrence,
we have since introduced more robust processes, especially pertaining to our IT
environment testing, along with updated governance procedures and an
architecture review of our legacy application and source codes."
No comments:
Post a Comment