Neo was also suspected to have abused the computer systems holding the customers’ personal data.
The Personal Data Protection Commission (“PDPC”) has imposed a financial penalty of $US21,000 on Neo Yong Xiang (“Neo”), the sole proprietor of mobile phone retailer Yoshi Mobile. Neo had used customers’ details to register pre-paid SIM Cards and resold them, all without their consent. This is the first case under the Personal Data Protection Act (“PDPA”) involving egregious misuse of individuals’ personal data to activate and re-sell SIM cards for financial benefit.
Investigations into Yoshi Mobile for suspected breach of Personal Data Protection Act and Computer Misuse Act
While investigating into complaints concerning mobile text messages advertising the sale or rental of property sent to complainants who had registered their numbers with the Do Not Call (“DNC”) registry, the PDPC discovered that a significant number of messages were sent from SIM cards registered through Yoshi Mobile.
As a retailer of telco SIM cards, Neo had access to customer data. He used customer data to register additional prepaid SIM cards his customers did not request for. He then sold them to anonymous buyers who intended to use them send text messages. PDPC concluded its investigations and found Neo, trading as Yoshi Mobile, in breach of the PDPA. The Police also conducted parallel investigations into possible cheating related offences, as Neo was also suspected to have abused the computer systems holding the customers’ personal data in the commission of the offences.
Having concluded their investigations, the Police will be charging Neo in court on 11 March 2022 with two counts of Cheating punishable under Section 4(3) read with Section 11A of the Computer Misuse Act read with Section 417 of the Penal Code in relation to his alleged misuse of the computer systems. The offence of cheating under Section 417 of the Penal Code carries an imprisonment of up to 3 years, or a fine, or both. The offence of accessing a computer with intent to commit or facilitate commission of offence under Section 4(3) of the Computer Misuse Act is punishable with imprisonment of up to 10 years, a fine of up to $US50,000, or both
