A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students.
Case No. DP-2405-C2321
HMI Institute of Health Science Pte. Ltd. (the “Organisation”) is a healthcare training provider in Singapore. On 2 May 2024, the Organisation notified the Personal Data Protection Commission (the “Commission”) of a personal data breach incident after it received a complaint from an affected individual who found an Excel file containing the personal data of 761 individuals which the Organisation had inadvertently made publicly available on the Internet (the “Incident”).
The personal data disclosed included a combination of the name, address, email address, telephone number, NRIC number, date of birth, nationality, race, gender and educational qualification.
Read more at the Personal Data Protection Commission of Singapore.