Cybersecurity, data protection bills await NLA approval
THE Cabinet has approved cybersecurity and personal data-protection bills for enactment by the National Legislative Assembly, paving the way for the country to enforce legal safeguards for the rapidly-growing digital economy and society.
Digital Economy and Society Minister Pichet Durongkaveroj said the cybersecurity bill will help ensure national security in cyberspace, covering both public and private sector databases, while personal data protection will require the owners of data to give explicit consent before it can be used by other parties.
Owing to the global uptrend of cyberattacks on critical databases such as those storing data of hospital patients, bank clients, citizen IDs and other data, it is necessary to enact a bill that can tackle these threats that come in the form of malware, DDoS attacks and ransomware, etc.
According to Pichet, the bill will empower authorities to survey, prevent and mitigate threats faced by the country’s critical infrastructure, including those of public utilities, banks and financial institutions, energy sector, transport sector, public healthcare, government services and national security.
As chair of the Asean grouping in 2019, Thailand will also play a leading role in implementing regional precautionary measures to cope with cybersecurity threats, he said, adding that the government is also preparing to set up a national cybersecurity committee under the proposed legislation.
On the personal data-protection bill, Pichet said the proposed legislation will provide a legal framework on personal data ownership, data controllers, and data processors while requiring data users to obtain consent from data owners in an explicit manner. This means that data owners must be informed on mobile screens, for instance, stating the conditions and approval on data use.
In addition, data owners have the right to cancel their consent at any time afterwards except in terms of data concerning public healthcare and non-profit education. A national committee will also be set up to take charge of protecting personal data under the proposed legislation.
Pol Colonel Paisit Wongmuang, chief of the Department of Special Investigation (DSI), said law-enforcement and other authorities have been preparing to work together to prevent and suppress cybercrimes that affect the public well-being and national security. Representatives from the Armed Forces, Digital Economy and Society Ministry, Food and Drug Administration, among others are participating in preparatory sessions.
He said banks have also worked with the DSI on addressing the threat of customers’ data being stolen by cybercriminals, while the Justice Ministry has urged the agency to coordinate preventive and suppression measures. For example, DSI was involved in tackling recent Bitcoin scams, fraud and embezzlement via the Internet.
However, cybercriminals have become more sophisticated and can evade the law if their servers are located outside the country, he said, noting that it takes cybercriminals only a couple of minutes to commit a crime. Hence, he said, law-enforcement needs to be vigilant and equipped with sophisticated tools to deal with them.
Fraud via call centres, violation of intellectual property rights and illegal online gambling are among the top cybercrimes in Thailand.