On November 21, 2023, the Ministry of Digital Economy and Society (MDES) revealed a 12-month plan to address data leaks and high-risk cyber systems following incidents of public information leaks and trading.  

What measures were taken in the first 30 days? 

The Personal Data Protection Committee (PDPC) established the PDPC Eagle Eye to investigate information leaks in government agencies and private sector organizations, which resulted in the detection of data leaks in 1,158 cases, with 781 matters corrected. Additionally, three cases of personal data trading on the dark web were identified and under investigation. 

Furthermore, the National Broadcasting and Telecommunications Commission (NBTC) and the Police Technology Crime Investigation Headquarters inspected the cybersecurity systems of critical information infrastructure (CII) organizations. Of the 91 agency organizations, 21 were found to have high-risk cyber systems, with corrective actions taken. 

What actions will be taken in the next six months? 

The MDES mentioned that, along with the Department of Special Investigation (DSI), it will expedite efforts to block illegal trading of personal information by prosecuting and arresting offenders. In addition, several government agencies collaborated on efforts to raise awareness about personal data protection. 

What long-term measures were envisioned for 12 months? 

The MDES encouraged the use of reliable, governmental central cloud systems to prevent and reduce personal information leakage. Moreover, the MDES highlighted the shift towards updating related laws to better address evolving cyber threats during this period, including amendments to the Computer Crime Act, the Personal Data Protection Act, and the Cyber Security Act to increase efficiency in detecting and preventing cybercrimes. 

You can read the press release, only available in Thai, here.