← Back to the grievance

Recreated source · structured summary

Fact sheet — case mismanagement & oversight concerns

Faithful structured recreation of the original fact sheet (dated 4 August 2025); the author's name, email and phone number have been removed.

Executive summary

This matter began as a personal access request under the Personal Data Protection Act (PDPA) but has escalated into a systemic concern about the accountability of the Personal Data Protection Commission (PDPC) and the Infocomm Media Development Authority (IMDA). The case involves a serious traffic accident, deletion of key CCTV footage, and the subsequent failure of PDPC to uphold basic statutory duties. It has been over 16 months since the incident, yet PDPC has refused to publish its findings or answer fundamental public-interest questions.

Brief chronology

• 13 April 2024 — A taxi hit my motorcycle. CCTV footage from two condominiums captured the incident.
• 16 April 2024 — Security guards from both condos identified me in the footage using only contextual information I gave — proving real-world identifiability.
• 17 April 2024 — I verbally requested access to the CCTV footage but was rejected by the managing agents, citing “PDPA” without explanation.
• 25 April 2024 — I followed up with a written request. Again I was denied, with reasons such as “data does not exist” (factually false) and “only law enforcement may access” (not a valid exception under the PDPA).
• 4 May 2024 — I filed a complaint with PDPC.
• May–Aug 2024 — PDPC adopted the managing agents’ explanations, then ceased communication; the investigation was only opened after the footage was already deleted.
• 19 May 2025 — Two decisions issued (MCST 3615 and MCST 4599).

Flawed PDPC investigation and reports

The fact sheet sets out a series of documented concerns with the two decisions (DP-2405-C2445 and DP-2405-C2318), including:

1. Misdefinition of personal data — treating identifiable CCTV footage as “not personal data.”
2. Timeline framing — the live access request was made before the footage was deleted.
3. Section 22A preservation gap — no breach found because s 22A, as worded, does not require preservation between a request and a refusal.
4. Misuse of legal concepts — repeatedly citing “discovery” processes as a reason not to intervene, which is irrelevant to a standard section 21 access request.
5. Silent retraction of guidelines — after the complainant cited PDPC’s own published CCTV guidance, PDPC declared it “incorrect” without specifying how or why, while those guidelines remain live and are still cited in other cases — then ceased all communication.

What is PDPC hiding?

The fact sheet states that PDPC has refused to: publish its own signed decisions (unlike nearly all enforcement cases in 2024–25); clarify the departure from the PDPA and its own guidelines; and answer basic public-interest questions.

Were these reports simply created to close my case — never meant to withstand public scrutiny? If PDPC truly believes its findings are sound, then publishing them should be no issue.

Public request

I respectfully urge that PDPC be required to immediately publish the two reports (DP-2405-C2445 & DP-2405-C2318) in full. If the Commission stands by its analysis, publication poses no risk. If it does not, the errors must be acknowledged and corrected. These flaws, if left unaddressed, set a precedent that may encourage organisations to delay access and delete footage with impunity.