Grab beefs up data protection, Latest Singapore News - The New Paper

Grab beefs up data protection

This article is more than 12 months old

Grab Singapore made clear yesterday it takes data protection and users' privacy very seriously, pointing to immediate steps taken after it detected unauthorised disclosures by its ride-hailing firm GrabCar on Dec 17, 2017.

On Tuesday, GrabCar was fined $16,000 for the unauthorised disclosure of the names and mobile numbers of 120,747 customers in marketing e-mails.

Mr Tan Kiat How, Commissioner of the Personal Data Protection Commission (PDPC), recognised in his decision grounds that GrabCar took immediate action and changed its practices.

Grab reported the incident immediately to the PDPC when it was discovered, said a Grab spokesman.

"To prevent a recurrence, we had immediately put in place more rigorous data validation and checks, including new processes that require a third person to perform sanity checks on data as well as masking phone numbers in all marketing campaigns," added the spokesman.

She stressed Grab's commitment to personal data protection and apologised for "any anxiety caused".

A second report issued by the PDPC on the same day dealt with GrabHitch driver-partners.

In the separate case, Deputy Commissioner Yeong Zee Kin issued directions to GrabCar for failing to install security arrangements for GrabHitch drivers to protect passenger data.

This case involved separate complaints by two passengers who used GrabHitch to book carpool rides provided by two drivers on separate occasions. The passengers complained that the drivers had posted their data without their consent on Facebook.

Mr Yeong held in a significant ruling that a GrabHitch driver is not an "organisation" under the PDPA, pointing out it is the company that discloses the passengers' personal data to the GrabHitch drivers in the company's chosen manner and for the purpose deemed acceptable by the company.