FAQs Regarding Road Traffic Accidents For Motorists & Pedestrians



#1 Can I make a claim for the accident?

Of course, you can, so long as it is a valid claim, you are not largely or wholly negligent (at fault) and you have sustained injuries, suffered losses or incurred expenses arising from it.

#2 What can I claim for?

There are three types of damages:


These are damages to compensate you for loss and expenses based on your medical and specialist medical report,

Such as:

  • Pain and Suffering
  • Future loss of income
  • Future nursing care
  • Future medical treatment or surgery
  • Future additional transport costs
  • Future items required such as a wheelchair, bedding, etc.

This list is non-exhaustive. To know exactly what you can claim, please give us a call at 6557 0215.


These are damages to reimburse you for any fixed and quantifiable expenses already incurred due to the accident, including but not limited to:

  • Medical expenses
  • Transport costs
  • Repair costs
  • Rental costs for substitute vehicle
  • Loss of pre-trial salary
  • Pre-trial caregiver costs
  • Cost of medical equipment e.g crutches, wheelchair, bath rail, etc.
  • Damage to personal effects e.g clothing, jewellery, etc.


The fixed sum of 15,000.00 on top of dependency claims and all others are claimable, in the event of a fatal accident.

Please note that all heads of damage are subject to the issue of liability and proof of your claim. This, you shall be advised on when seen by your lawyer. Here at DL Law corporation, we shall provide you with handheld guidance throughout on what you would require maximising your claim.

Remember to keep all medical notes and reports, proof of medical expenses, taxi/grab fare receipts, previous and ongoing payslips, previous Notices of Income Tax Assessments, CPF statements and employment contracts.


#3 What if the other party was uninsured?

If the person who caused the accident was uninsured at the time, you may still apply to the Motor Insurance Bureau to satisfy your claim.

Call us for an appointment to make a claim with the Motor Insurance Bureau.

#4 What can I do if I wish to make a claim from a hit-and-run accident?

If you have suffered personal injuries as a result of the accident and do not have the details of the other party as he has escaped the scene, you may still make a claim to the Motor Insurance Bureau.

#5 How long do I have to make a claim for the accident?

For injuries sustained in a road traffic accident, your claim must be filed within 3 years of the accident date, subject to certain exceptions.

#6 Should I accept the insurance company’s settlement offer?

Some insurance companies may make attempts to reach out to you with an offer to wrap up the matter. You would want to seek legal advice on this, so as to not compromise your claim. Consult a lawyer when approached by anyone representing the third party or if someone projects to be helping you.

Remember, once settled, there is no turning back!

#7 What are the legal fees payable should I seek to claim for damages against the other party?

Should you be successful in your claim, most of your costs will be borne by the other party. To get a clearer picture of the legal fees payable, please feel free to contact us at 6557 0215 to arrange for a consultation with our lawyers.


#8 How long will it take to process my claim?

Every case turns on its own facts. Most claims end in settlement, which may sometimes occur in a matter of months. However, if the matter goes to trial, the claim is likely to take longer to conclude. Discuss with your lawyer on this.

How can DL Law Corporation help you with Road Traffic Accident claims?

Call us at 6557 0215 for a free consult

All we need is about 30 minutes to assess your claim

Advise you on the winning possibility of your case

Advice you on what you can claim

Advice you on the evidence to gather to ensure you do not compromise your claim

We apply for all parties traffic police reports

We apply for all medical reports

After the medical reports are in, we shall seek your instructions on making a request for Specialist medical reports

We shall do legal research and prepare the letter of demand and advise you once again on your claim sum

Letter of demand shall be issued to the 3P and the person’s insurers

They have to comply with certain fixed timelines. If they fail to do so, then we proceed further to start court actions.

If they comply with timelines and make an offer, we shall endeavour to conclude the matter at this stage, without the need to start court action


Nowadays, the insurers mostly try coming back with an offer without the need for court process. We shall advise you of the offer and make proposals to get the best compensation for you.



Engage A Road Traffic Accident & Personal Injury Lawyer With Over 20 Years Of Experience

G. Prasanna Devi
Advocate & Solicitor
Road Traffic Accident Expert

Ms G. Prasanna Devi has the proven expertise that helped 1,000+ clients over the past 20 years from all walks of life in virtually every type of accident and injury. She and her team of lawyers know what and how to present a strong case to achieve your claim to the fullest.

“After my accident, I was recommended to [Ms Prasanna] by a close friend. Right at the start, Ms Prasanna showed me the sincere way she worked by coming to see me in the hospital I was warded in. I had bad experiences with lawyers in the past, where I had to constantly chase them for updates on my case. However, in my 15 months when my case was on-going, it was Ms Prasanna who was proactive in updating me regularly of any developments in the case. She gave clear options and sound advice to avoid prolonging the case longer than usual. Her recommendation for me to see a psychiatrist was more for my well-being, rather than to strengthen my ongoing court case.. Although the staff was always polite, I mainly dealt directly with Ms Prasanna. Her charges were reasonable for the amount of work that she had to do for my case. I would definitely recommend her services to anyone in need.”

Mr Samat

“Ms Prasanna would have to be the most amazing and caring lawyer and I couldn’t have asked for better representation and an even better outcome. Ms Prasanna and her legal team, over the course of three years, fought very hard for me. They all went above and beyond what one would deem necessary. They were available to me at anytime, my needs were put first at all times and they were truly professional in supporting my case and myself right to the very end. I felt reassured throughout the whole process and thanks to this professional team, I am now able to move forward. You are in the best hands when Ms Prasanna is helping you.”

Mr Jeewantha

“I would like to thank [Ms Prasanna] profoundly for your professional and excellent counsel during the course of my successful injury claim. You have demonstrated understanding and compassion and I felt comfortable and totally assured at all times even though I got to know of your services from your website. My gratitude also goes to your dedicated and efficient team who have done a great job. Lastly, I will not hesitate to recommend your services to any of my family members or friends who are in the same predicament as mine. Thank you once again! Merry Christmas and Happy New Year!”

Mr Ivan

Brought to you by DLLC Legal News

DL LAW CORPORATION is a Singapore-based law firm that helps businesses and business owners with their legal needs. The firm is a keen supporter of Small and Medium Enterprises and advises many SMEs on their legal issues, both corporate and litigation matters. Grab a FREE CONSULTATION today at www.dllclegal.com or send your email to contactus@dllclegal.com to book your appointment.

The contents and views set out above are those of the author(s) and/or are personal views and for information only. It does not constitute in any way any legal advice or representation to the reader even if the facts appear similar to your fact situation. You are strongly encouraged to seek legal advice should you have any legal issues.

Questions Business Owners Must Ask Their Landlord, Banker or Supplier Amidst COVID-19

questions to ask landlord banker supplier covid 19





It has been a truly trying time for everybody dealing with the COVID-19 virus pandemic. The dreadful virus has spared nobody from individuals, small businesses, big businesses, coffee places, food and beverage outlets to healthcare providers, family members, domestic-workers and now migrant workers usually living in dormitories.

Everyone is fed-up and frustrated to hear another word about “Covid-19” or how many hundreds of people have been infected each day. Every day of rising number of cases is another day that we may be “locked-down” and it is affecting everybody’s sanity.


On 21 April 2020, the Singapore Government took 2 major emergency steps to contain the virus. First, they are tightening the movement of persons including essential services and second, extending the “circuit-breaker” period to 1 June 2020. The lock-down has been extended but you must continue to keep your spirits up and high.


Everybody is feeling the heat. Unfortunately, the writings are on the walls that all may not be rosy after the circuit-breaker is lifted. If only we knew what will happen in the future we could plan forward.

All is not lost. We can still plan ahead and in light of the Covid-19 (Temporary Measures) Act 2020 (“Act”) which came into effect on 7 April 2020, we can plot and plan to fight another day bravely.

While we remain completely upbeat and positive with you, we ask all our start-ups, SMEs and corporate organisations, battered in this Covid-19 pandemic war, to also strategically plan ahead and expect the unexpected. Tough you say, but we will get through this…


50% of the battle is winning it in your mind. Focus on what you have to do for your company. Choose only the key objectives for the next 3 months to 6 months¹. That is how Intel, Google, Youtube do it; take a leaf from their leadership and management style.

Say it loudly, like a war cry, that “We will Get through This and We Will Be Stronger…”.


Some of you have already gotten comfortable with telecommuting i.e. working from home and others have seized the opportunity by jumping on the on-line platform to sell your products.

Others have taken this opportunity to send their staff for re-training or to plan and charter a new course as soon as the lockdown is lifted. Opportunities are aplenty and doors will open to new avenues. You must look for them and look for them confidently.

As you plan, we provide a quick summary of the reliefs available to Singapore businesses and companies.


The Act offers temporary relief (“Relief”) to businesses (and individuals) who are unable to perform their contractual obligations owing to Covid-19 on or after 1 February 2020.

It is important to note that the Reliefs are for contracts that were entered into before 25 March 2020. Therefore, if you entered into an agreement on or after 25 March 2020, the Act would not come to your aid².

For Tenants in Commercial / Industrial / Non-Residential Property

  • As a tenant, the Landlord cannot terminate your lease or evict you.
  • The tenancy can be suspended for up to 6 months.
  • If you are unable to pay your rent from 1 February 2020 or later, then you can apply for relief.
  • Your inability to pay must be related to Covid-19; and
  • Your rental obligations before 1 February 2020 is still your liability and Relief will not be given.

What can you do?

  • Apply for Relief if your obligation arose after 1 February 2020;
  • For rent owing before 1 February 2020, negotiate with your landlord;
  • If you have a difficult landlord, apply for Relief anyway;
  • Be aware that section 29 of the Act requires the landlord to pass the property tax rebate to you. This means that your rent should be lower.
  • However, we note that the amount may not be significant. Depending on whether you are in the event management or tourism-related industry and food and beverage industry, the rebates to the owner will be 100% and for every other commercial tenancy, the rebate is 30%.

For example:

  • Annual rental is $120,000 (i.e. $10,000 a month).
  • Property tax is 10% of annual value. (10% x $120,000). The property tax payable would be $12,000.
  • The rebate given by the Government to owners is 30% of the property tax,(30% of $12,000). If the commercial property is in events, tourism or F&B, then the amount is $12,000.
  • The landlord would receive $4,000 or $12,000 as the case may be in rebate which must be passed onto you.

Bear in mind that this is an annual rebate and not a monthly rebate. It means that from your total rental costs, and if we use the above example, $4,000 could be reduced from your overall rental payable. You will notice that this rebate is to defray or lower your rental costs for a noticeably short period. It is not a long-term solution.

The landlord has the discretion to pass the rebate to you over a period of time or a one-off payment. It is not automatic, that you expect a one-off payment or reduction.

Whether it is enough to cover your monthly rental when businesses are affected and continue to be affected is a big question mark. The better view is to aggressively negotiate with your landlord and work a plan that would be mutually beneficial to both parties.


For Borrowers

For certain secured loan facilities, companies who are unable to repay secured loan, there will be no enforcement of security held by the banks and financial institutions for commercial or industrial property, plant or machinery secured against the business.

The key word here is “secured” loans. It does not cover unsecured loans such as credit card debt or loans from money lenders.

  • Your reason for not being able to pay the secured loans must be related to Covid-19;
  • It does not cover any loans that should have been paid before 1 February 2020.
  • You would also not have any protection for security enforced before 20 April 2020.

What can you do?

  • Apply for Relief anyway. Buy yourself some time.
  • Plan your finances;
  • Negotiate with your creditors;
  • Consider a business loan but we would urge you to thread very carefully and consider if you are able to repay the loans measuring against your future business;
  • Be aware that even if you have obtained Relief, it does not free you from paying your loan repayment amounts. It merely buys you time and you must have a plan in place on how you are going to make repayments.
  • The Relief is for a period of 6 months starting from 20 April 2020 until 19 October 2020.

For Buyers Buying on Hire-Purchase for Company’s or Commercial Use

  • If you are unable to pay the instalment,
  • the goods for commercial purposes are not subjected to repossession;
  • Any insolvency or Court proceedings will not be allowed to be commenced;
  • To be clear, it does not cover goods which are for personal purposes;
  • It does not apply to vehicle rental agreements; and
  • All payments before 1 February 2020 are still due and payable to the principal.



For Contractors and Sub-Contractors

For contractors or sub-contractors who are unable to fulfil their obligations or deliver their obligations under your contract or supply contract, you can apply for Relief so long as the reasons for your inability to fulfil your obligations are due to Covid-19.

The Relief will serve as a defence to a claim for breach of contract. The other party will not be able to commence any proceedings or call on any performance bond against you from 20 April 2020 to 19 October 2020.

It is quite likely that most of your work may have been carried out by migrant workers and they may no longer be working with you for a variety of reasons.

This relief is not a mechanism for you to avoid fulfilling your obligations even if you think that you may lose money if you were to continue with the project. Your existing obligations under the contract must still be completed.

For Event-Organisers and Tourism-related Companies

All contracts related to events, venue-booking, tours, catering and transport would qualify for Relief as long as it was an occurrence after 1 February 2020 and before 25 March 2020.

  • Be aware that it only to applies to contracts governed under Singapore law; and
  • It does not apply to contracts for air travel such as airline tickets.
  • The relief ensures that your deposit cannot be forfeited or to pay for any cancellation fees.

What can you do?

Negotiate with the provider to find a fair figure or for a 100% refund.



The act provides for you to file and serve a notice by email by use of a form or format known as a “Notification For Relief” stating, among other things, that you are seeking relief for a certain category and your proposal for repayment if any.

If the other party rejects or refuses the Notification For Relief, you can apply to an Assessor for an assessment to be made where relief should be granted to you. Lawyers are not permitted to attend to represent you but it does not prevent you from seeking legal advice. The Assessor’s decision is not appealable which means his decision is final.

It is supposed to be a quick and easy way for the Assessor to decide and reach a fair decision for both parties.

The success of your case would depend very much on the discretion of the Assessor and the assessment will be based on the current environment and the careful facts presented to the Assessor for you to be successful.


For completeness, we provide a sample form of the Notification For Relief which you may use and customise Under Section 9(1) of the Act read together with Regulations 9(2) 2020³ as a shield to claim, defend or to ask for relief.

We have also included 2 draft letters to the Landlord and the Bankers for your use as you see fit (just leave your email address here and we’ll send it to you via email within the hour).

  1. Notification For Relief Form;
  2. Letter To Landlord; and
  3. Letter To Banks / Financial Institutions


We have explained above what protection is available to you. Preserve your cashflow or obtain whatever Reliefs you can receive for your benefit.

The draft letters are for you to customise and are appended for your use.

Should you have any queries, concerns, require additional assistance or just want to chat with someone in confidence, please do not hesitate to reach out to us. We are here to help you out.


Stay Well, Stay Safe, Stay Home. Use your masks, wash your hands, Smile and Be positive always.



¹“Measure What Matters”; John Doerr (Penguin Business:2018); at page 51

²Section 4 of COVID-19 (Temporary Measures) Act 2020 (“the Act”)

³Regulations 9(2) Covid-19 (Temporary Measures)(Temporary Relief for inability to Perform Contracts) Regulations 2020

Brought to you by DLLC Legal News

DL LAW CORPORATION is a Singapore-based law firm that helps businesses and business owners with their legal needs. The firm is a keen supporter of Small and Medium Enterprises and advises many SMEs on their legal issues, both corporate and litigation matters. Grab a FREE CONSULTATION today at www.dllclegal.com or send your email to contactus@dllclegal.com to book your appointment.

The contents and views set out above are those of the author(s) and/or are personal views and for information only. It does not constitute in any way any legal advice or representation to the reader even if the facts appear similar to your fact situation. You are strongly encouraged to seek legal advice should you have any legal issues.

Fill out the form below and we’ll send you the COVID-19 essential documents for business owners via email within the hour.

* indicates required

I consent to DLLC’s email policy. *

7 Lessons To Know About Your Company’s Website To Avoid A Breach Of Section 24 Of The Personal Data Protection Act (PDPA)

Have you recently carried out a vulnerability test on your Company’s website and secured webpages such that all Confidential and Personal Data would not leak out accidentally?

This is what happened to one such Company who allowed their customers to access data from their company webpage due to having inadequate security measures.

What Happened?

For the convenience of its policyholders, Friends Provident International Limited (the “insurer” or “Company”) operated and maintained an online portal (“Portal”).

Policyholders could access the Portal through the Company’s webpage via a supposedly “Secured Mailbox Webpage” (“Webpage”). Authorised persons of the Company i.e. employees and advisors could also access the Webpage to generate and obtain reports.

Unsurprisingly, the reports contained some personal data of policyholders including their names, policy number(s) and residential area where they lived. It was not intended for policyholders to see more than their own information.

Unfortunately, the Company’s breach of the PDPA came about when an inquisitive policyholder, while accessing the Portal and the Webpage, was able to also generate and obtain confidential reports containing details of other policyholders.

The policyholder then complained to the Monetary Authority Singapore who in turn referred the matter to the Company. The Company, on its own accord, reported the breach.

The troubling issue is that the Company did not know of the vulnerability of its Webpage. It was only by chance it did an upgrade of the backend and enhanced the website’s verification had resolved the security issue on 6 February 2018. Therefore, these breaches were in fact incidents which occurred sometime on or about 12 December 2017 but to the Company, it was unaware that there was a glitch.

In total, 240 individuals were affected by the generation of the reports where 42 reports had been produced and downloaded by 21 policyholders or their advisors.

What exactly was the Company’s breach?

In Friends’ Case [2019] SGPDPC 29, the Deputy Commissioner stated that Section 24 of the Personal Data Protection Act 2012 (“PDPA”) requires companies to protect data in their possession or under the control by making reasonable security arrangements to prevent unauthorised access, disclosure and similar risks (emphasis added).

The Company had not done so for 2 main reasons:-

  1. It was less careful in the manner it had restricted access to the Reports to prevent unauthorised access; and
  2. The testing done on the Webpage was inadequate.

The Deputy Commissioner said that the most striking factor was the lack of authorization mechanism for access to be able to generate and obtain reports. Once a person could get access, there was no further authorization or verification required. The Company merely deployed a simple way of hiding from view of other unauthorised persons. Due to a faulty JavaScript within the Webpage, the “report” tab was now no longer hidden from other users.

The testing of the Webpage was inadequate because the facts showed that the Webpage was intended for use across a variety of devices and screens. Therefore, the Deputy Commissioner felt that testing should have been conducted across multiple browsers and devices including mobile phones and on a representative basis.

Wearing the hat of a director or entrepreneur, if you were to assess what is expected of the Company, it is unlikely that you would have questioned the work of your developers. Perhaps you may have expected the developers or your IT team to have tested all devices across a variety of all platforms. Many directors or entrepreneurs may have been completely unfamiliar with resolving a faulty JavaScript.

The Deputy Commissioner highly recommended that companies and developers should have tested other browser conditions such as “script blocking”. Script blocking is to prevent a website from running bits of code when a user visits the website. Did you know of “script blocking” as a tool before reading this article?


The most positive outcome, in this case, is that the Company only got away with a warning.

The misuse of the personal data was relatively low and that the Company took prompt steps to inform the Commission and implement remedial steps.

Had the information been more confidential (as defined under the PDPA), there could have been severe consequences for the Company with a heavy fine imposed.

Remedial Steps Taken Promptly

After the breach was reported, the Company took all efforts and remedial actions (bearing in mind that it had already resolved the glitch on 6 February 2018). It took urgent steps to:-

  1. review the Portal;
  2. conduct an initial risk assessment and investigations;
  3. imposed a requirement for regression testing for mobile devices and different screen resolutions;
  4. ensured that there was backend access validation in place;
  5. all employees received training on data protection upon commencement of employment or a refresher session; and
  6. contacted all affected persons so that all Reports were retrieved.

7 Lessons Learnt

From this case, it is clear you must, when working with your developers or IT teams,

#1 Ensure that thorough vulnerability tests are conducted on your websites regularly;

#2 Ensure that reasonable security arrangements are made such as front-end and backend verification procedures when entering secured webpages;

#3 Work closely and in consultation with your developers and IT teams on regular Website maintenance;

#4 The testing should apply not only to websites but to your mobile devices and across multiple browsers and screens;

#5 You should carry out enhanced testing regularly such as script blocking or such other tools to bring forth any flaws in the coding of your websites and mobile devices;

#6 Equally important is to ensure that all employees receive training on data protection when they start and at yearly trainings;

#7 When there is a breach, report promptly and take remedial steps early. It may well be a mitigating factor and save you from a hefty fine before the Commissioner.

Brought to you by DLLC Legal News

DL LAW CORPORATION is a Singapore-based law firm that helps businesses and business owners with their legal needs. The firm is a keen supporter of Small and Medium Enterprises and advises many SMEs on their legal issues, both corporate and litigation matters. Grab a FREE CONSULTATION today at www.dllclegal.com or send your email to contactus@dllclegal.com to book your appointment.

The contents and views set out above are those of the author(s) and/or are personal views and for information only. It does not constitute in any way any legal advice or representation to the reader even if the facts appear similar to your fact situation. You are strongly encouraged to seek legal advice should you have any legal issues.

3 Major Amendments To The Employment Act Business Owners Must Know

For an employer, It is a bag of mixed feelings on the proposed amendments.  It is however no surprise the executive and managerial employees who earn higher salaries welcome the changes.

We think these changes level the benefits to employees as a whole and perhaps it is time for employers to ensure that their company’s grievance procedures are in place internally to manage any unfortunate disputes.

The amendments impact all executives of a Company especially those employees who previously were not afforded any protection because their income was above the statutory limit of $4,500.00.

The 3 major changes are as follows:

1. Applicability of EA

Before the amendments, the provisions of the Act (except for rest days, hours of work and other conditions of service) did not apply to Professionals, Managers and Executives (“PMEs”) earning a monthly salary above $4,500.

With effect from 1 April 2019, the provisions in the Act (except for rest days, hours of work and other conditions of service) apply to all PMEs regardless of the monthly income.

This means that provisions relating to sick leave, maternity benefits and wrongful dismissal will equally apply to PMEs.

The rationale for the amendments is that PMEs make up more than half the local workforce and they should be given the benefit of the Act.

It must follow that employers should be fully aware of the changes to ensure that the employment agreements and employment handbooks are updated in compliance with the revised obligations under the Act.

2. Sick Leave & Hospitalisation Leave

The amendments will now provide employees more flexibility when obtaining a medical certificate.

Employers are now required to recognize medical certificates issued by any registered medical practitioner.

Previously, if an employee wanted to take paid sick leave, he would be required to consult a registered medical practitioner employed by the Government or the company doctor.

Employers are of course concerned whether more employees may be encouraged to take sick leave since it would now be easier to obtain a medical certificate from your neighbourhood GP.  On the other hand, this amendment is in line with standardising that any registered medical practitioner is competent to treat a patient.

Further, the definition of “hospitalisation leave” has been extended.  It now includes employees who have been discharged from the hospital but are still unwell to require hospitalisation leave during that period so that the employee can rest at home.  It seems the rationale is that if it was not hospitalisation leave, the employee would have to use his sick leave which is limited to 14 days for each employee.

3. Wrongful dismissal claims

For PMEs who wish to make a claim for wrongful dismissal against their employers, the amendments have shortened the length of employment required from 12 months to 6 months.

This effectively means that after a period of 6 months of service, if the employee is dismissed for whatever reasons and the employee feels aggrieved, the employee would be able to make a claim. While a bigger group of employees would fall within this provision, we are of the view that this number of employees filing wrongful dismissal claims are unlikely to be high.

Other Amendments

The other amendments, although less impactful, are

  • Leave For PMEs – Before the amendments, annual leave for PMEs was governed by what was stated in the Employment Agreement.  Now, PMEs will be entitled to at least 7 to 14 days of paid annual leave.  It seems to suggest that PMEs may no longer be offered 14 days but given 7 days when they start and it would be for the PME employee to negotiate for more leave days;
  • Suspension of PMES for longer than 1 week – Employers may suspend (for example gross misconduct) a PME employee for a period exceeding 1 week by applying and obtaining an approval from MOM but the employee shall be paid half his salary for such period;
  • Salary Deduction by Consent – Salary deductions will now be allowed if the employee consents to the deduction in writing.  Therefore, if an employee agrees to his salary being deducted, the employer cannot be faulted unless the employee withdraws his consent;
  • Query By Commissioner on Employer’s Retrenchment Benefits – Employers can be called upon by the Commissioner of Labour to provide information on any retrenchment benefits available to employees.

Concluding Comments

In light of the recent amendments, many companies have yet to update their employment agreements and employment handbook.

Companies are to set out the rights and obligations of the employees to protect the Company’s interest and to avoid any misunderstandings.  This includes updating the Employee Handbook on leave policies and putting in place a good process for grievance procedures.

If an employee issue can be resolved internally, the Courts need not have to be involved and precious manhours are not wasted at the tribunals.

Brought to you by DLLC Legal News

DL LAW CORPORATION is a Singapore-based law firm that helps businesses and business owners with their legal needs. The firm is a keen supporter of Small and Medium Enterprises and advises many SMEs on their legal issues, both corporate and litigation matters. Grab a FREE CONSULTATION today at www.dllclegal.com or send your email to contactus@dllclegal.com to book your appointment.

The contents and views set out above are those of the author(s) and/or are personal views and for information only. It does not constitute in any way any legal advice or representation to the reader even if the facts appear similar to your fact situation.  You are strongly encouraged to seek legal advice should you have any legal issues.

The Case of “I did not know that I needed a Personal Data Protection Policy in My Organisation”

The “I did not know!” Defence and “Do I really need not have A Personal Data Protection Policy in My Organisation, I didn’t think I needed it”?

That is exactly what the management of “Bud Cosmetics Pte Ltd” (“Bud Cosmetics”) told the Commissioner of the Personal Data Protection Commission in Re Bud Cosmetics Pte Ltd [2019] SGPDPC 1.

This argument was, of course, rejected completely as ignorance of the law is no excuse, said the Commissioner.

The Commissioner then directed that Bud Cosmetics:

  1. pay a financial penalty of $11,000 within 30 days,
  2. engage duly qualified personnel to conduct a security audit of its Website and IT systems, and
  3. develop an IT security policy to guide its employees on the security of personal data of its Website and IT System within 60 days.

For failing to take necessary steps, Bud Cosmetics suffered unnecessary and troubling costs and expenses, not to mention unwanted stress to the management facing the PDPC.

What Happened?

Here is what happened.   The PDPC received a complaint from an individual about a member’s list containing personal data on the internet.  There were at least 2300 names and personal data exposed on the internet.

Bud Cosmetics is an organic and natural skincare retailer specialising in natural skincare brands.  It had an online store and a Website.  Customers of Bud Cosmetics had to set up membership accounts on its Website. (sound familiar!) There was also a physical database (“Offline”) that was retained from its point-of-sale system.  The online database contained over 1,000 members since 2012 and this list had grown to about 2,400 registered members on the Online database.

Like most organisations, Bud Cosmetics sent email blasts and e-newsletters to its customers from both the Online database and Offline database.

On or about 6 April 2017, the affected individual complained that there was personal data of 2,300 members exposed on the internet and the individual’s data was one of it (much to this person’s distress).  If you must know, the members list was exposed because there was a cyberattack on Bud Cosmetics host server in Australia and US and all was revealed because one of the image folders holding the data was unsecured.

To be fair to Bud Cosmetics, they took some steps to ensure that after the cyberattack, they improved security by adding “Sitelock” and other features and conducted daily scans of its Website.  Bud Cosmetics tried to blame it on the cyberattack and that it happened in 2012.  The Commissioner did not buy this explanation.

Organisations Must Take Proactive Steps to Comply

The Commissioner explained that the data disclosed in the Member’s List was definitely personal data under the PDPA as anyone could identify the individual from the data.  It is interesting to note that the Commissioner said that although the PDPA came into force on 2 July 2014, Bud Cosmetics’ duty was to take proactive steps to comply with its obligations and not apply only to new personal data that may come into its possession but any existing personal data held in its possession or control.(emphasis added).

Privacy Policy Insufficient – How employees handle personal data is important

Bud Cosmetics tried to explain that it had a privacy policy on its Website  (“Privacy Policy”) at the time of the incident.  Another interesting point is that the Privacy Policy only notified customers as to how the company would use and process their personal data but did not set out the procedures or practices as to how the company and its employees should handle and protect the personal data.

Bud Cosmetics thought (quite incorrectly) that PDPA only prohibited organisations from sending marketing messages to Singapore telephone numbers that were registered with the Do Not Call Registry.  They admitted that they did not implement any data protection policies or practices on personal data.  It was unaware of its Data Protection Obligations under the PDPA and it had just started considering a Data Protection Policy because other companies were beginning to have them in their website.

Formalised Data Protection Training For Employees

This is when the Commissioner said that ignorance of the law is no excuse and its lack of obligations under the PDPA cannot excuse its breach.  It is also clear that data protection training was grossly missing in this organisation and more importantly, employees would have been better able to protect privacy when they were able to recognise issues to personal information.  In Bud Cosmetics, they did not provide any formalised data protection training for its employees. (Is it a question of not knowing how or what training to provide to the employees?)

Carrying Out Vulnerability Scans Or Penetration Tests On Websites

The Commissioner asked if Bud Cosmetics took reasonable security steps to prevent unauthorised access as set out in section 24 of the PDPA.  They had the control of the data and were responsible for ensuring the security of the Website.  They should have conducted periodic penetration testing or vulnerability assessments and promptly fixed to prevent data breaches.  Again like most SMEs, the management never considered the adequacy of the security of its Website or IT systems.  The Commissioner commented that Bud Cosmetics never conducted any vulnerability scans or penetration tests to ensure that its Website was sufficiently protected.

We ponder exactly how many SMEs and online providers and retailers actually carry out vulnerability scans and penetration tests on a regular basis.  We think the numbers are very small.  Most SMEs and some larger organisations would also assume that our website host would have in place all the security to look after our website requirements.  In Re Bud Cosmetics Pte Ltd [2019] SGPDPC 1 that duty, among other things, fell squarely on the organisation to have checked for “bugs” and “cracks” in its Website.  Again, in smaller organisations, this exercise to test Website would not be so automatic and to some organisations unheard of. Larger organisations have the resources, we think they would not have any excuses not to invest in IT security.

Overseas IT Vendors – Make Sure that Their Standard Of Protection is Equal or Better Than Our PDPA

Lastly, Bud Cosmetics case discusses choosing IT vendors who are overseas.  Bud Cosmetics had website hosting services in Australia and the US.  Companies have a duty under section 26 of the PDPA to ensure that recipients of personal data outside of Singapore have legally enforceable obligations to provide the same if not better standards of protection captured in the PDPA.  If your information was going overseas, the bottom line is that you would have to extremely careful as the breaches carried overseas could still land your organisation in trouble.

Concluding Comments

Many SME companies, like Bud Cosmetics, all have this false sense of security that their websites would be taken care off by their website hosting IT providers.  Contented to merely placing simple privacy policies on their Website, they assume that it would take care of the problem.  Many more organisations think that compliance with PDPA is not the organisation’s problem but to be solved by other parties.

Bud Cosmetics learnt it the hard way.  They were fined $11,000 (which is no small amount) and directed to engage qualified personnel to conduct a security audit and to develop an IT security policy.  More expenses and time engaged in correcting the errors.  Could this have been avoided or did the obligation still fall heavily on training employees to recognise the PDPA obligations?  Was it due to the inevitable cyberattack in 2012 such that Bud Cosmetics could not have done anything significant?  Was the Commissioner too harsh on Bud Cosmetics for focusing on the business especially when the PDPA only became a hot button topic in Singapore from July 2014?  After all these lapses happened in 2012, less was known about cyberattacks and personal data protection.

Brought to you by DLLC Legal News

DL LAW CORPORATION is a Singapore-based law firm that helps businesses and business owners with their legal needs. The firm is a keen supporter of Small and Medium Enterprises and advises many SMEs on their legal issues, both corporate and litigation matters. Grab a FREE CONSULTATION today at www.dllclegal.com or send your email to contactus@dllclegal.com to book your appointment.

The contents and views set out above are those of the author(s) and/or are personal views and for information only. It does not constitute in any way any legal advice or representation to the reader even if the facts appear similar to your fact situation.  You are strongly encouraged to seek legal advice should you have any legal issues.

7 Costly Legal Mistakes Startups Make When Issuing Equity

While sitting in your co-sharing office space, anxiously waiting to make your next presentation on your App, you ponder nervously if your investors would be interested in your App.

You have worked with your team for many months and this next presentation is one of many you have made to scrutinizing investors. You continue to meet and greet potential investors hoping for a buy-in on your ideas.

With each presentation so far, you wonder where the money will come from.

The deficit is getting bigger and you need an investor desperately. Just as you are about to enter your next meeting, you receive a pleasant call from a potential investor, excited to invest with you but clearly wants equity in your company.

You are so excited to reel in the investor that you are prepared to sign any document and here is where the mistakes can be costly.

MISTAKE #1Choosing An Investor Without Doing Your Due Diligence

Do not judge an investor by his appearance or his enthusiasm or the way he or she speaks with authority. An expensive, nice-looking watch or big luxury car does not mean anything except that your investor lives a certain lifestyle. It does not mean that the investor is the right fit for your company.

  • Check if the investor is investing in his personal or corporate capacity.
  • Check if the investor’s company is duly authorised to enter into negotiations with you; or
  • Is it a fishing expedition for the companies looking at what is available in the market?
  • Have you signed an iron-clad Non-Disclosure Agreement before sharing your business plan?

It would help you decide whether your investor is serious.

  • Look at whether the investor is a venture capitalist or an exempt fund management company looking to diversify its portfolio.
  • Check the investor has made other similar investments within your industry.

It will give you the assurance that the investor is aware of what risks are involved in investing in your industry.

Be extremely careful with private investors or individuals as some of these could be your close friends, family or relatives whom you have persuaded to invest with you.

You may have painted such an amazing picture with great profits and potential that you may have down-played the real risks (or probably forgot to mention them). The untrained individual investor is going to hold you accountable for everything you say and claim that this is what you represented to him to be the facts. Sure, “buyer beware” but this will be the start of your problems if your investor starts to kick a fuss internally disrupting your business.

Do your due diligence early so that if you, for whatever reasons realise that this investor is not a glove-in-hand fit, then at least you have not wasted much time and can look forward to the next potential investor.

It is understandable that you do not want to lose your investor’s interests but better to avoid trouble before your investor becomes part of your share capital.

MISTAKE  #2Discussing Equity When In Fact It’s A Convertible Loan Agreement

Now that you have found the right investor, your investor tells you that he will be investing, for example, $500,000.00, more than what you need for now. You are overjoyed, the champagne has popped, and you go ahead and hire the extra tech support you needed from overseas to improve on your App.

The eager but shrewd investor (probably because he consulted lawyers) then gives you an agreement of many pages. The investor tells you that it is an agreement where he will invest for one year and then decide whether he wants to invest further after one year.

You hear only the last few words that your “beloved” investor will invest further after one year, and you sign the agreement complaining that there are too many pages for this agreement.

  • First, you trusted your investor.
  • Second, you forgot to read the agreement; and
  • Third you thought you had to give up part of your shares but did not think that you had to give up very much.

Here is one scenario. One year from now your “beloved” investor sends you a letter asking for all the moneys invested in the company for the last year. You scoff and protest that it is an investment and call your investor a crazy person.

Your investor now turns to page “x” of the agreement (which you signed blindly) and shows you that the investor was in the first year, lending you money and that if the investor chose not to convert the loan to equity, he would be entitled to seek repayment of the full loan.

Some agreements would be cheekier in that if you were unable to repay the moneys which you received before the deadline, your investor, as an option, could take over all of the shares from you.

This can be devastating to any company who entered into a convertible loan agreement and is now unable to pay when it is due and payable.

This means that you must know what agreement you are entering. Is it a convertible loan agreement or is it a straight forward equity investment? If it is an equity investment, you would likely be signing subscription and allotment agreements or a sale and purchase agreement for the sale of shares in your company.

Convertible loan agreements are common in the start-up industry as there is no certainty that the App or the product will ultimately work. If so, negotiate carefully and thoroughly review every clause and think whether such a clause will shut you down if you are unable to deliver any of the terms and conditions.

Investors tend to be opportunistic but are not unreasonable if you know how to negotiate and what to negotiate on. If you leave it to the investor to dictate the terms, high chances are that the agreement will be slated in favour of the investor.

MISTAKE #3Extending A Personal Guarantee

In your in negotiations with an astute investor, you may come across an investor asking you to put your money where your mouth is and ask that you put up a personal guarantee.

Owners and founders are so excited to get their products to the market that they are prepared to sign anything to get a hold on the investor’s money.

You may have a situation where the investor is prepared to enter into a clean-cut equity agreement but demands for a personal guarantee to be executed by you, your partners or directors and sometimes even your family members. The pressure to accept the investor’s proposal is so great that you overstate your abilities and resources and agree.

The condition for the guarantee to be triggered could be as simple as repayments by way of dividends within 12 to 18 months and if no payments are made, the guarantor guarantees to make payment. 12 to 18 months later, while the company has achieved break-even with orders, it does not have the cash flow to make any repayments to the shareholders. Unreasonable investor hits the roof with his demands and threatens to sue the company and calls on the guarantee. Negotiations fails, tempers flair and a decent company rising through the rough is now deeply in trouble because of potential lawsuits by unhappy shareholders.

Be extra careful with guarantees and volunteering to be a guarantor as the sphere to argue any defence or to get out a guarantee is very limited. This means that if you have validly executed a guarantee, you are liable so long as your principal is liable to the creditor. It is only when the principal has discharged his burden, you will be released of your guarantee.

MISTAKE #4Over-committing & Over-promising

The single most important factor in choosing an investment for the investor is the returns he or she will receive from the investment. To the investor, this includes being able to know where his money is being spent or its purpose, able to receive the initial investment as quickly as possible (i.e. return on investment), understanding his risks of losing all his investment and getting a rate of return (or a win-fall) better than all the financial products outside.

To mitigate this expectation, you start by preparing an over-zealous business plan. Your business plan says that your investor will be able to recoup his initial investment in 12 to 24 months because you are confident that more investors will join in.

In person, you assure your investor that his investment will come back even quicker than 12 months.

You pitch to your investor that you have potential customers, all viewing your product and orders are about to be filled but purchase orders have not been sent out.

You then assure your investor in person that in fact the deal is confirmed; it’s just that the customer’s senior management is waiting to give the green light. In your mind, it is a done deal.

You then go ahead and promise the investor that if you can have his or her money by next week, you could take advantage of recent technological products which would pivot your company to the front and secure customers faster.

Your last sincere promise is that you have a hard-working team and that you project your growth rate at 36% per annum (or such ambitious figure) with a rate of return of close to 20% and costs to revenue maintained as the previous year.

You, however, underestimated the labour costs or that you needed additional premises now that your team is growing bigger. You realised that your team needed more time to prepare the upgrades and updates. Your customers are taking too long to respond to you and you have no orders filled even with the investor’s money. There is however a “burn rate” (what is a commonly known parlance where a tech company spends money as working capital in the interim hoping for its product to kick off in a big way or for a VC to come forth and invest in the tech company aggressively with all financial strength).

Several months later, your investor, especially an individual investor, is enthusiastic and hopeful that his investment is producing the results that you had painted to him, is now deflated that you are unable to explain to him that all of his money is gone towards the burn rate. You probably also need more money from him.

Upset and angry that you are unable to explain to your investor or you have been deliberately avoiding him, your investor files a police report calling you a “scammer” or “cheat” or accusing you of not having a valid business. An unhappy situation.

  • From the start explain to your investor with realistic figures your business numbers.
  • Be clear to your investor that the figures are estimates.
  • State clearly in your business plans words to the effect that the numbers, figures are estimates only and are not representations from you and that the investor must carry out his or her own due diligence of your company.
  • State the risks out early and provide solutions on how you are going to deal with the risks.

This means disclosing your risks, threats and assumptions right from the beginning so that your investor can make an informed decision and your investor cannot fault you for failing to disclose all your risks.

Avoid over-committing to your investors and definitely do not over-promise in your delivery. Remember that it is not your money and you will have to account for every dollar spent to your investor.

MISTAKE #5Failing to Enter Into Or to Ratify the Existing Shareholder’s Agreement

In the past, without investors, perhaps it would not have mattered whether a shareholder’s agreement existed.

Now with an investor, your investor may insist that there should be a shareholder’s agreement. Your investor would want to set out how the quorum for directors or shareholders are met, stating the type of resolution needed for specific decision-making issues. The shareholder agreement would also require details on how dividends are paid and how shareholders could exit your company or if the shares were bought over by third parties.

You may have already anticipated a shareholder’s agreement and after the investor has come on board, no further steps were taken to ensure that the new investor/shareholder signed an agreement to be part of the existing shareholder’s agreement.

Let’s say that you have done swimmingly well, and your company is a target by a US company intending to expand its footing in Asia. There is, unfortunately, no clause in the agreement for all the shareholders to be dragged along or tagged along. You and your existing investor retain some shares but only as a minority.

Your new US shareholders inform you that they refuse to recognise the arrangement you had with your investor because your investor never ratified the existing shareholders’ agreement and therefore existing rules do not apply and your US shareholders demand that a new shareholders’ agreement be drafted wiping away your existing arrangement with your investors.

MISTAKE #6Entering Into An Agreement With An Investor Without Checking If The Company Is Allowed To Do So

A real problem which many start-ups face is going about doing elaborate deals. Examples such as convertible loan agreements with options to issue preference shares, non-redeemable with no voting rights or allowing the new investor or shareholder to use Company’s funds to purchase for the shares and the list goes on.

Lo and behold, none of these elaborate schemes is catered for in the company’s constitution. Strictly speaking, the constitution is the agreement governing the relationship between the company and its members and it is one of the primary documents that the Courts will give weight to for its express terms.

In a few cases observed, litigants in court pleadings have argued that shareholder agreements which attempt to override the company’s constitution are null and void. Any changes, if proposed and agreed in the shareholder’s agreement, should have been reflected in the company’s constitution. This only leads to unnecessary litigation between you and your investors.

Before entering into any agreement with your investor, check that the company’s constitution allows for such deal structures. Where the constitution is silent, make the necessary amendments to the company’s constitution to reflect the arrangements between the company and its shareholders.

MISTAKE #7Entering Into A Commercial Agreement With An Investor But Failing To Understand the Contents

With a wealth of information available to all on the internet, you suddenly think that you have the supposed ability to understand any agreement and to attempt any agreement on your own.

It may be tempting to do your own agreement or to copy a sample found on the internet. You must also realise that each sample serves a specific purpose and it was likely created on for a different set of factual matrixes from your own.

Copying a sample agreement can be fatal to you. You may be copying a sample from a different jurisdiction which does not apply to Singapore or relying on an old sample which is no longer good law in Singapore.

In summary, here is your checklist in avoiding costly mistakes in dealing with investors

  • Sign a non-disclosure agreement;
  • Do the legal due diligence on your investor;
  • Review your constitution to confirm whether your company can carry out the relevant equity exercises and amend it if necessary;
  • Propose, prepare, review and revise your shareholders’ agreement;
  • Be clear on the agreement to be signed and terms as to whether it is convertible loan agreement, subscription agreement;
  • Be extra vigilant of whether you are expected to sign a personal guarantee;
  • Be sure and understand the contents of the agreements you intend to sign (especially if you prepared it or got it from untested sources). Check that the agreement is applicable to Singapore law and is still good law in Singapore;
  • Most importantly, be realistic on your returns and avoid over-promising. Always disclose all risks frankly.

Brought to you by DLLC Legal News

DL LAW CORPORATION is a Singapore-based law firm that helps businesses and business owners with their legal needs. The firm is a keen supporter of Small and Medium Enterprises and advises many SMEs on their legal issues, both corporate and litigation matters. Grab a FREE CONSULTATION today at www.dllclegal.com or send your email to contactus@dllclegal.com to book your appointment.

The contents and views set out above are those of the author(s) and/or are personal views and for information only. It does not constitute in any way any legal advice or representation to the reader even if the facts appear similar to your fact situation.  You are strongly encouraged to seek legal advice should you have any legal issues.