2022年12月6日,个人数据保护委员会(PDPC)发布了《关于通知个人数据泄露的标准及程序的通知》B.E.2565(2022),自2022年12月15日起生效。我们在下面讨论了本通知的主要规定。 1. 数据控制者必须将以下任何个人数据泄露事件通知PDPC办事处和数据主体: (1) 由于个人数据未经授权或错误地访问或披露,或由于错误、缺陷或事故而导致的机密性违规; (2) 个人数据未经授权的更改或更正,或由于错误、缺陷或事故导致个人数据不准确或不完整,构成完整性违规; 而且 (3) 由于个人数据无法访问或被破坏,无法正常使用,造成可用性违规。 2. 当数据控制者意识到个人数据泄露或潜在的泄露时,数据控制者必须立即评估和审计泄露。如果确定违规行为对数据主体的权利和自由构成风险,数据控制者必须立即采取行动防止、暂停或纠正违规行为,并在得知违规行为后72小时内通知PDPC办事处。 3. 如果数据控制者发现违规行为可能对数据主体的权利和自由产生重大影响(考虑到本通知中列出的因素),数据控制者必须(1)立即将违规行为和本通知中所列的其他事实通知数据主体,(2)向数据主体提供数据控制者将采取的补救措施指南,以及(3)采取所有必要和适当的措施,暂停、回复、纠正或从个人数据泄露中恢复,并防止未来的泄露。 4. 数据控制者必须通过电子方式或PDPC办事处指定的任何其他方式以书面形式通知PDPC办事处该违规行为。如果由于不可避免的情况,数据控制者未能在72小时内通知PDPC办事处,则数据控制者必须在得知违规事件后15天内通知PDPC办事处,并说明延迟的原因。 5. 数据控制者必须在与数据处理者的数据处理协议中规定,数据处理者有义务在数据处理者意识到个人数据泄露后的72小时内立即通知数据控制者。 6. 如果数据泄露涉及多个数据主体,则数据控制者可通过公共媒体、社交媒体或电子手段或数据主体或公众可获得的任何其他手段,专门或一般地将数据泄露通知此类数据主体。 To see the archive of our past newsletters and articles please click here.
On 6th December 2022, the Personal Data Protection Committee (PDPC) issued its Notification on Criteria and Procedures for Notifying Personal Data Breach B.E. 2565 (2022) effective from 15th December 2022. We discussed the key provisions of this notification below. 1. The data controller must notify the PDPC Office and the data subject of any of… Read More
The House of Representatives and the Senate of Thailand recently approved the Act on Amendments to the CCC as proposed by the Ministry of Commerce. The Act will be endorsed by HM the King and then be published in the Government Gazette. It will become effective from the date immediately following the end of the… Read More
The Electronic-means Administrative Functions Act B.E. 2565 (“EAFA”) was published in the Government Gazette on 12th October 2022. It will become fully effective on and from 11th January 2023. Some of its provisions have become effective on and from 13th October 2022. The EAFA requires almost all the government (administrative) offices to perform their functions… Read More
On 25th October 2022, the Thai Cabinet approved the draft regulation of the Ministry of Interior (MOI) Re: Acquisition of Land for Residential Purposes by Foreigners under the Economic Stimulus and Investment Measures for Attracting High-Potential Foreigners to Thailand. The key provisions of the draft regulation are summarized as follows: 1. Foreigners who are eligible… Read More
It has been over two years since the Securities and Exchange Commission (SEC) issued the Notification No. TorJor 17/2563 re: Offering of Newly Issued Securities through Private Placement by Small and Medium Enterprises (SMEs) on 12th March 2020 to relax the requirements for SMEs to raise funds in the capital market through a private placement,… Read More