Regulators vow safety of personal data
Pact intended to increase confidence
Thai financial regulatory agencies have joined forces to protect the personal data of consumers as global data leakages and cyber-risks grow in the digital age.
The three financial regulators -- the Bank of Thailand, the Securities and Exchange Commission (SEC), and the Office of the Insurance Commission (OIC) -- in collaboration with the Office of the Personal Data Protection Committee (PDPC), on Thursday signed a memorandum of understanding (MoU) to support the supervision of personal data protection in the financial sector.
Digital Economy and Society Minister Chaiwut Thanakamanusorn witnessed the signing ceremony.
The Personal Data Protection Act (PDPA) is scheduled for enforcement starting June 1, 2022.
In 2021, 22.7 billion financial transactions worldwide experienced data leakage problems, of which 65% involved personal data.
For Thailand, this problem can dampen the confidence of both business operators and consumers, hindering the country's transition to a digital economy.
As a result, the PDPA is needed to improve the country's personal data protection standards and drive Thailand towards a digital economy in the long term, said Bank of Thailand governor Sethaput Suthiwartnarueput after the MoU signing.
Personal data protection is essential for the financial sector as the central bank has been constructing a new open data financial landscape, part of an open infrastructure concept, he said.
Open data practices allow financial institutions to use alternative data, such as utility bills, to access more information about borrowers, offering both retailers and business operators, especially small and medium-sized enterprises, better access to bank loans.
Mr Sethaput said the PDPA will support financial institutions collecting, using, disclosing and protecting customers' personal data appropriately.
The central bank has been collaborating with financial institutions it supervises in preparation for PDPA enforcement, he said.
All banks are ready to comply with the PDPA, but some small non-bank companies need to improve their personal data protections under the new rules, said Mr Sethaput. The central bank has been helping these companies on this issue, he said.
Mr Sethaput said the central bank has been collaborating with other financial regulators and government agencies to ensure businesses comply with the PDPA as well as working to educate consumers about the new law.
In the financial sector, which covers financial institutions, securities companies, and insurance companies under the supervision of the central bank, SEC and OIC, entities that use personal data for identity verification and making financial transactions are unified in emphasising the importance of the security of customers' data, he said.