Skip to content

Case Notes

Case Notes

This case related to DPP4 - Security of personal data

Case No.:2023DB03

A folder that contained personal data of students and parents was accidentally disposed of – DPP 4 – security of personal data


A school reported to the PCPD that a cleaner had mistakenly treated a folder that contained auto-pay documents with personal data of over a 100 students and parents (the Folder) as waste and disposed of it at the refuse collection point near the school. An investigation conducted by the school revealed that the clerk responsible for handling auto-pay documents placed the Folder on the rubbish bin under her desk. As a result, the cleaner disposed of the Folder together with other waste by mistake.

Remedial Measures

Upon receipt of the notification from the school, the PCPD initiated a compliance check. In response to the incident, the school reminded the clerk of the need to exercise caution in handling and safekeeping documents containing personal data. The school also provided the cleaner with training on proper waste disposal procedures. Besides, the school incorporated guidelines and points to note on personal data protection into its staff code of conduct. The revised code of conduct was disseminated to staff through meetings and workshop training.

Lesson learnt

Regardless of whether personal data is accidentally lost, leaked or improperly disposed of, the potential harm to the affected individuals should not be underestimated. In addition to establishing effective data protection policies and practices, organisations should strengthen security measures to safeguard personal data. This includes implementing measures and monitoring mechanisms to ensure employees comply with policies and procedures, as well as providing comprehensive training to strengthen employees’ awareness of personal data protection and minimise the risk of human errors.

(Uploaded in February 2024)

Category : Provisions/DPPs/COPs/Guidelines : Topic/Subject Matter :