PUBLIC COMMENTS ON CYBER SECURITY BILL CLOSES FRIDAY 12 OCTOBER 2018

11.10.18

COMPANIES THAT STORE SENSITIVE OR PERSONALLY IDENTIFIABLE INFORMATION ON COMPUTER NETWORKS IN THAILAND CAN MAKE COMMENTS AS PART OF THE PUBLIC HEARING WHICH ENDS AT 11.59PM ON FRIDAY 12 OCTOBER 2018.

Companies that store sensitive or personally identifiable information on computer networks in Thailand may have reason to be concerned about the unprecedented right of access to private sector computer systems to be given to government officials under the proposed law on cybersecurity (“Cybersecurity Bill”) and can make comments as part of the public hearing process which ends at 11.59pm on 12 October 2018.

The stated purpose of the Cybersecurity Bill is to maintain national security and domestic peace in the face of cyber-attacks in Thailand, however the power granted to Thai authorities is very broad and gives government officials the following discretionary powers which can be exercised without a court order:

1. access computers, computer network systems, computer systems, make duplicates of, or extract information or computer programs where there is reasonable ground for suspicion that a computer or computer system is involved in a cyber threat or affected by a cyber threat;

2. run tests on a computer or computer system where there is reasonable ground for suspicion that a computer or computer system is involved in a cyber threat or affected by a cyber threat, or was used for searching information within such computer or computer system;

3. seize any computer or equipment where there is reasonable ground for suspicion that it is involved in a cyber threat for a maximum period of 30 days;

4. obtain real time information from persons related to a cyber threat who will be required to promptly cooperate and assist the authorities; and

5. order any person to provide assistance to the authorities. This is a broad requirement which could in theory compel persons to provide government officials with unfettered access to password protected or encrypted systems.

Failure to comply could lead to imprisonment for three years and fines of up to THB150,000.

These powers can be exercised if there is a “reasonable ground for suspicion” which is a lower threshold than actual suspicion, or evidence that a cyber threat exists. The definition of “cyber threat” is broad and subjective, and includes an action or incidence committed by computing methods or electronic methods which cause unusual functioning in a computer or computer systems.

Comments can be made as part of the public hearing process by accessing the following link:

www.lawamendment.go.th/index.php/component/k2/item/1306-2018-09-27-07-35-21


FOR MORE INFORMATION
Should you like to discuss any of the matters raised in this Briefing, please speak with a member of our team below or your regular contact at Watson Farley & Williams.


CHRISTOPHER OSBORNE, Partner Bangkok
cosborne@wfw.com

SIRIRAT RINSIRI, Associate Bangkok
srinsiri@wfw.com

Patcharaporn Korbuakesorn
Head of Membership, Events & Communication

+66 (0) 2-055-0620

patcharaporn(at)gtcc.org