Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed

Singapore's Personal Data Protection Commission (PDPC) has issued a fine of SG$74,000 ($54,456) on travel company Commeasure, which operates a travel booking website named RedDoorz that exposed 5.9 million customers' data – the largest data breach handled by the Commission since its inception. The PDPC announced the penalty …

  1. Anonymous Coward

    All good then

    - Hole plugged

    - Fine applied

    - Fine paid

    (Dusts off hands)

    = All good

    Hang on, what about the 5.9 mugs out there whose data is in the wild?

  2. Pseu Donyme

    The fine seems far too puny ...

    ... to act as a real deterrent for this particular company or others; the proper order of magnitude would be something that brings a company if not within an inch of its life then at least within a foot, the idea being that raking these in is not an option.

    As the level where this happens while not resulting in an outright bankruptcy very much depends on circumstances, I'd suggest an alternate scheme where a company is forced to issue a substantial amount of new shares to be sold to the public with the proceeds going to government coffers: this should result in sufficient annoyance among existing shareholders to make a difference.

    Another alternative could be a fine as a percentage of yearly revenue to be garnered from profits before any are paid out; this would also work for companies other than LLCs, again without resulting in an immediate bankruptcy while hopefully getting the message through.

    In any case, while repeat offenses should attract higher penalties, the initial one must be substantial enough to act as a deterrent in itself; a token fine like this essentially means a license to ignore regulation until caught (and while appeals drag through the courts, which is another problem, especially with well-heeled companies with the resources to make sure this takes ages; with this in mind a fine should perhaps be a fixed percentage of yearly revenue or the combined revenue for the period in which there was an active violation, whichever is higher, for an incentive to fix things while waiting for the final verdict).

  3. MOH

    That 1 cent per customer is really going to hurt them

  4. Anonymous Coward
    Boffin

    A modest proposal

    1) the breached company shall issue 5% of its voting shares common stock to the affected parties (divided equally among them).

    2) if the breached company is privately owned, 10% of their net worth shall be used instead of its common stock.

    2) the company will pay all legal and accounting costs associated with the judgement.

    3) the judgement will bar class action suits but allow suits for actual damage above and beyond the settlement.

    I'd love to see Zuck have to eat a $45b fine for his next data breach.
