This is the second time that the real estate industry has been in the news over data privacy issues in recent years.
PropNex Realty has been fined $10,000 by the Personal Data Protection Commission, after it inadvertently leaked the personal data of 1,765 individuals online – the second time the real estate industry has been in the news over data privacy issues in the past three years, reported the Straits Times.
The privacy watchdog began investigating PropNex in December 2015, after an unnamed woman complained that her name and mobile number, including those of her sisters, were found in an unsecured PDF file that were freely available online. As a result, she and her sisters had been receiving unsolicited marketing messages and calls from telemarketers and moneylenders.
In its decision released earlier in the week, the commission noted that while PropNex removed the PDF file containing one item or all of the information – name, mobile number, e-mail address and residential address – of 1,765 persons in January 2016, the document had been posted on the Internet for several months.
This comes as PropNex failed to detect the huge security flaw in its system for five months, despite periodic testings.
With this, the commission ruled that PropNex violated the Personal Data Protection Act when it failed to take reasonable security measures to protect the personal data under its control or possession.
It also directed PropNex to scan its system for more vulnerabilities, while barring it from sharing sensitive files among its agents until the security flaw has been fixed.
P&N Holdings, the holding company of PropNex, said the data leak was unintentional.
“Immediately after notification, systems and procedures were enhanced… All such information is now protected with a password,” said PropNex spokesperson Carolyn Goh.
Romesh Navaratnarajah, Senior Editor at PropertyGuru, edited this story. To contact him about this or other stories, email romesh@propertyguru.com.sg