On November 4, Singapore's PDPC found that Smiling Orchid Pte. Ltd., a food caterer, failed to make reasonable security arrangements to prevent unauthorized access to its customers' personal data on its website, and the PDPC imposed a S$3,000 penalty for violating the Personal Data Protection Act of 2012. The PDPC noted that users were able to access other customers' personal data by altering the URL of their order preview webpage. The PDPC also directed Smiling Orchid to conduct a security audit and to patch all identified webpage vulnerabilities.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.