Personal Data Protection Laws in Thailand

Seal of the Bank of Thailand, founded in 1942

Image via Wikipedia

The processing of personal data in Thailand is regulated by the Official Information Act B.E. 2540 (1997), which took effect on December 10, 1997 (hereafter referred to as the “OIA”). The OIA gives the public the right to receive or have access to information connected with various operations of Government agencies.
The OIA is intended to give the public the right to receive or have access to information connected with various operations of the state, to give the public an opportunity to express their opinions and exercise their political rights, and to make the public aware of their rights and duties in order to safeguard their interests. Under the OIA, the Government of Thailand is required to disclose certain information to the public as and when requested. If a request for disclosure is denied, the interested party is entitled to lodge a complaint with the Government Information Board.

How is personal information defined under the OIA?

Personal information is defined as an information (i) relating to all the personal particulars of a person, such as education, financial status, health record, criminal record or employment record, (ii) which contain the name of such person or contain a numeric reference, code or such other indications identifying that person as fingerprint, tape or diskette in which a person’s sound is recorded, or photograph, (iii) and also includes information relating to personal particulars of the deceased.

What requirements apply to the collection of personal information by State agencies?

A State agency is defined as a central administration, provincial administration, local administration, State enterprise, Government agency attached to the National Assembly, Court but only in respect of the affairs unassociated with the trial and adjudication of cases, professional supervisory organization, independent agency of the State and such other agency as prescribed in the Ministerial Regulation. Under the requirements of Article 23 of the OIA, a State agency must take the following actions with regard to the provision of a personal information system:

[tweetmeme]
•Providing for a personal information system only insofar as it is relevant to and necessary for the achievement of the objectives of the operation of the State agency, and terminating the provision thereof whenever it becomes unnecessary;
•Making efforts to collect information directly from the person who is the subject thereof, especially in the case where such person’s interests will be directly affected;
•Causing the following information to be published in the Government Gazette and examining and correcting the same regularly: (i) the type of persons in respect of which information has been held; (ii) the type of the personal information system; (iii) the ordinary nature of the use of the information; (iv) the procedure for the inspection of the information of the person who is the subject thereof; (v) the procedure for the making of a request for the correction and alteration of the information; (vi) the source of the information;
•Examining and correcting personal information under its responsibility;
•Providing an appropriate security system for the personal information system in order to prevent improper use or any use to the prejudice of the person who is the subject of the information.
In addition, in the case where the information has directly been collected from the data subject, a State agency must notify the data subject of the purpose for the use of the information, the ordinary nature of its use and whether such case of making the request is one which the information may be given voluntarily or one which it must be given compulsorily under the law.

Finally, a Government agency may not disclose personal information under its control to another Government agency or other people, without the written consent of the data subject.

Courtesy of Internet Business Law Services.

Advertisements

3 Responses to “Personal Data Protection Laws in Thailand”

  1. I guess I agree with what you are saying although I don’t want too :p

  2. It was pretty annoying when LifeLock’s CEO, Todd Davis told everyone his SSN on billboards and whatnot. It seemed cheeky..

  3. Breville Juice Fountain 800JEXL…

    […]Personal Data Protection Laws in Thailand « China Lawyer[…]…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: