Insurance company AIA fined $10,000 by PDPC for personal data breach

Lester Wong reports from Singapore:

Insurance company AIA was fined $10,000 by the Personal Data Protection Commission (PDPC) for mistakenly sending 245 letters meant for various customers to just two people due to a programming error in its software system that auto-generates the letters.

The bulk of the letters (237) were premium notice letters for the company’s Integrated Shield Plan, and contained full names and policy numbers of the intended recipients, as well as premium amounts and due dates.

The letters were sent out between Dec 28, 2017, and Jan 2 last year, with 179 sent to the first recipient and 66 to the second one.

Read more on The Straits Times. That seems like a steep penalty for that kind of error.  How many mismailings have we seen in this country that never resulted in any fines at all?

About the author: Dissent