On April 19, 2018, the PDPC fined a health care company for failing to meet its obligation to make reasonable security arrangements for the protection of personal data under Section 24 of the PDPA. The Commissioner determined that the company disclosed sensitive, medical-related personal data without authorization and failed to adequately safeguard such data.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.