K Box could be fined $1 million
Karaoke chain K Box could be fined up to $1 million by the Personal Data Protection Commission (PDPC), said intellectual property and technology lawyer Han Wah Teng.
The PDPC is a Government statutory body established last year to administer and enforce the Personal Data Protection Act 2012 (PDPA).
A spokesman for the PDPC said: "Under the Personal Data Protection Act, organisations are required to make reasonable security arrangements to protect personal data in their possession or under their control in order to prevent unauthorised access, collection, use or similar risks.
"The PDPC is concerned about the scale of the alleged disclosure of individuals' personal data and has since reached out to K Box to investigate this matter."
K Box members whose details have been exposed can seek legal recourse against K Box. But Mr Han, who practises at Fortis Law, thinks that most people would choose not to.
"It's a family-friendly establishment. So there is no embarrassment involved with being a member.
"But in the case of celebrities, maybe they could be concerned with harassment, so the damages could be higher."
He feels K Box should be worried about the PDPC.
"While they did not deliberately disclose or abuse their customer's data, they have been negligent in protecting the information."
The police confirmed that a report has been lodged and they are looking into the matter.