Bangkok: The government is taking a firm stance on data protection by enforcing the Personal Data Protection Act (PDPA) and issuing fines to agencies responsible for leaking public data, whether they are public or private entities. Deputy Prime Minister and Minister of Digital Economy and Society, Prasert Chantarawongthong, announced these measures during a joint press conference with Police Colonel Surapong Plengkham, Secretary-General of the Personal Data Protection Commission (PDPC), and other officials.
According to Thai News Agency, Prasert Chantarawongthong emphasized the importance of rights protection as a key priority. The government's objective is to build public trust by ensuring strict adherence to the law, particularly among entities handling personal data. The potential misuse of personal information by criminals poses risks such as fraud. Thus, law enforcement not only safeguards individual rights but also enhances investor confidence and reinforces trust in Thailand as a reliable environment.
In 2024, the government issued five administrative fines for data breaches. The first case involved government agencies that failed to secure their information systems, used weak passwords, and neglected to form a data processing agreement with their system development company. Consequently, each agency faced fines exceeding 150,000 baht.
The second case concerned a major private hospital where patient medical records were mishandled, leading to their use in creating Tokyo pancakes. Over 1,000 records were leaked during document destruction, prompting a fine exceeding 1,200,000 baht for the hospital and over 16,000 baht for the responsible individual.
In the third case, a private agency in wholesale, retail, and online trading was fined 7 million baht for failing to secure personal data properly. The fourth case saw a cosmetics-selling agency fined 2.5 million baht for inadequate security measures. The fifth case involved a toy collecting agency, resulting in a 500,000 baht fine for the personal data controller and a 3 million baht fine for the data processing agency.
Prasert Chantarawongthong stated that these cases highlight the necessity for all sectors to take responsibility and implement robust safety standards, risk assessments, and transparent monitoring mechanisms to protect citizens' rights. The government's ultimate aim is to achieve zero data leaks, though some incidents have occurred with a decreasing volume.
An Eagle Eye center currently monitors and inspects personal data breaches. Agencies must pay fines and rectify hacked systems within 30 days, or face an additional fine of 500,000 baht per day for non-compliance. To prevent leaks, agencies are encouraged to appoint a Data Protection Officer (DPO) to systematically oversee data security. Security measures should be updated and inspected regularly. Additionally, a public awareness campaign is recommended to educate citizens about their rights and how to safeguard them.