The Office of the Public Sector Development Commission (OPDC) has ordered a fine of 7 million baht for leaked private sector data.

The Personal Data Protection Committee has ordered a major online shopping company to pay a fine of 7 million baht after leaking over 100,000 personal data to a call center gang. At the Office of the Personal Data Protection Committee (PDPC), Mr. Prasert Jantarawongthong, Minister of Digital Economy and Society (DES), revealed that in order to prevent data leakage problems in the government and private sectors, including solving the problem of call center gangs using people's personal data to commit illegal acts, and to increase public confidence in online transactions, including various government projects that require the use of personal data to verify identity, the 2nd Expert Committee, which receives complaints about technology and other matters, has ordered a fine for a major private company in the country that trades in online products for leaking a large amount of personal data to a call center gang without any measures to control and maintain security as stipulated in the Personal Data Protection Ac t B.E. 2562, including the company not appointing a personal data protection officer (DPO) and neglecting to report the breach of personal data leakage to the Personal Data Protection Office within the time frame specified by law. The second expert committee therefore ordered the administrative fine of the company at the highest rate, totaling 7 million baht, as follows: 1) The company that was complained about collected personal data of more than 100,000 customers and used such data to conduct the company's core business, but did not have a personal data protection officer as required by law. Therefore, when the data was leaked, the company was unable to remedy the problem, which is an action that violates Section 41 of the Personal Data Protection Act B.E. 2562. 2) The accused did not have appropriate security measures as stipulated in the Personal Data Protection Act B.E. 2562, causing data leakage from the company to the fraudulent group, the call center gang, and causing widespread damage. Such actions are therefore in violation of Section 37(1) of the Personal Data Protection Act B.E. 2562. 3) When a complaint was filed by the owner of the personal data, the company ignored it and did not take action to correct it, and delayed reporting the incident to the Personal Data Protection Office, resulting in the inability to provide remedies, which is an offense under Section 37(4) of the Personal Data Protection Act B.E. 2562. In addition to the administrative fine order of 7 million baht, the second expert committee also ordered the accused company to improve its security measures to prevent further data leakage. It also ordered the accused company to train its staff and add security measures to keep up with changing technology, and to notify the Personal Data Protection Office of such corrective measures within 7 days of receiving the order. The administrative fine order This is the first administrative fine issued by the second expert committee on a major private company since the Personal Data Protection Act B.E. 2562 came into effect, in accordance with the criteria of the European Union's General Data Protection Regulation (GDPR). The Minister of DES added that the fine is intended to protect the public from the problem of call center gangs and personal data leaks, which have been a major problem for the country over the past two years, as well as to warn government agencies and private agencies with personal data leaks to notify the Personal Data Protection Office as required by law. This administrative fine will be used as a standard and a guideline for considering data leaks in the public and private sectors that have been complained to the Personal Data Protection Office. However, the result of this fine will make the public and private sectors more aware of the strictness and compliance with the Personal Data Protection Act B.E. 2562, as well as being part of the measures to prevent call center gang crimes that occur from the illegal use of the current large amount of personal data of the public. In addition, this measure will help to provide relief to the owners of personal data whose personal data has been leaked from the aforementioned incidents and build more confidence among the public in using personal data online in both the public and private sectors. He would like to encourage the public who have been damaged to You can use the compensation rights by informing the information to the Social Security Office during office hours at 02-027-8852, 02-142-1033, 02-114-8504.- Source: Thai News Agency