The current advancement of information and communication technology (ICT) has significantly changed the way people live or do business. Many organizations in Thailand, both private companies and government agencies, have begun to transition their business process towards the integration of ICT to increase their output and productivity. Information can be converted into digital format and stored on an individual server, or even a third party data center service. Many government agencies and commercial entities are starting to provide electronic services to their customers to increase efficiency. For example, the Revenue Department of Thailand has been providing an online tax-submission service which allows the electronic filing of tax returns. Many commercial banks are providing internet or mobile banking facilities to their customers: saving time and effort. However, on the other side of the coin, this information is sometimes breached and used inappropriately. As an example, during the political unrest in Thailand, a considerable amount of information was used to defame others and discredit those on different political sides. Moreover, many personal identity documents were reportedly used to commit crimes without the owner’s knowledge. It is therefore apparent that the infringement of personal rights has become a serious problem which could decrease the level of confidence, and impede economic and social development in the long term.
In general, Thailand does not currently have any consolidated secondary law governing the use of personal information. There are only sector-specific regulations or notifications providing protection on the use of information. For example, the collection of personal data by a company involved in the operation of credit is controlled by the Credit Information Business Act B.E. 2545. A Notification of the National Telecommunications Commission Re: Telecommunications Access and Interconnection B.E 2549 (2006) protects telecommunication subscribers, including measures for data privacy, privacy rights, and freedom of communication. Personal information is protected by a government entity, regulated by the Official Information Act, B.E. 2540 (1997), and a law specified in the Civil and Commercial Code permits remedy for damage to a person whose personal rights are infringed. From these examples, we can see that the legal structure to protect personal information is fragmented. Hence, it is very important for the current Thai Government to realize the importance of having an internationally-accepted law as a mechanism to protect personal information, particularly in today’s digital environment. On the other hand, such law should not impose any unnecessary burden on business, or create obstacles for related stakeholders.