BOT, SEC, OIC and PDPC form joint cooperation to ensure personal data protection in the financial sector
The MOU is a fruitful result of the collective cooperation of the four organizations in ensuring that their respective policies and oversight frameworks for personal data protection as well as oversight procedures are consistent. The MOU also prioritizes information sharing for mutual best interest. The signatories aim to support human resource development in the financial sector and educate financial service users to facilitate the financial sector’s smooth compliance with the Personal Data Protection Act and the achievement of the intended outcomes in accordance with the true intention of the law.
DES Minister Mr. Chaiwut Thanakamanusornsaid: “The government and DES equally emphasize the importance of protecting the public’s right to their own personal data and the importance of promoting innovation and optimizing the benefits of digital technology. The Personal Data Protection Act (PDPA) is part of a series of digital laws which aims to increase and strengthen Thailand’s competitive edge and enhance social confidence in using online services in daily life securely and fairly. This MOU which focuses on personal data protection in the financial sector can help to promote and strengthen the protection of personal data in Thailand more efficiently for the benefits of the public sector as the owners of personal data while preventing excessive burdens on business operators under the supervision of financial sector regulators.”
BOT Governor Mr. Sethaput Suthiwartnarueput, Ph.D.said: “Striking a balance between protecting personal data and optimizing data usage is key to the support of the financial sector development, especially in the next phase where BOT plans to revise the financial sector landscape to be more inclusive. This is to allow financial business operators to make the most out of personal data for the purpose of further developing services. In so doing, BOT oversees risk management and data usage governance in compliance with the intention of the PDPA. This collective cooperation will ensure consistency in the supervision and protection of personal data in the financial sector without redundancy, while reducing burdens or costs of business operators as well as the public. In this regard, business operators are allowed to use personal data to execute financial transactions confidently. This is an important foundation for the financial sector development that supports the digitalization of the Thai economy.”
SEC Secretary-General Ruenvadee Suwanmongkolsaid: “SEC has been prioritizing personal data protection and promoting organizations in the capital market to prepare for compliance with the PDPA. In addition, we support the making of guidelines on personal data protection of each business sector in the capital market. Over the years, SEC has organized activities proactively and continuously, especially the creation of cooperative mechanism among relevant regulatory agencies to ensure clearcut implementation. A survey on the readiness of business operators under SEC’s supervision conducted in March 2022 revealed that business operators are active about personal data protection; more than 90 percent of them have already proceeded in compliance with the governing rules and regulations and are confident they will have been ready before the PDPA becomes effective. Therefore, we are confident that this joint cooperation of the four organizations will be especially useful for the protection of personal data in the financial sector and will enhance confidence in the use of technology and the benefits for the country.”
OIC Secretary-General Mr. Suthiphon Thaveechaiyagarn, Ph.D.said:“The insurance business uses personal data for executing transactions. This includes the consideration whether to offer insurance policies, compliance with insurance policies, and provision of services to clients. OIC therefore particularly stresses the importance of managing the acquisition and protection of clients’ data, both general and sensitive personal information in the insurance business. Over the years, OIC has made preparations for the insurance business sector in support of the compliance with the PDPA. This includes the issuance of guidelines on personal data protection for life insurance business, insurance business and insurance assessors, assessment of corporate readiness, legal compliance and security protection and the building of knowledge and understanding of personal data protection for the insurance business sector. Our mutual cooperation under the MOU will support the supervision of personal financial data protection to ensure utmost efficiency for the public and the country.”
DES Deputy Permanent Secretary Mr. Wetang Phuangsup, Ph.D.said: “The Personal Data Protection Act, B.E. 2562 (2019) is a key mechanism for the public to clearly acknowledge the objectives of storing, using or disclosing personal data and the rights related to their own personal data. The PDPA also requires that state and private organizations put in place standards for collecting, compiling, using or publishing personal data in order to operate and do business related to data with confidence in legal compliance. Meanwhile, Thailand has measures for protecting personal data in line with international principles and obtains international acceptance of trade and business operation, and is able to build a robust society where it is possible to inspect the operation of the public sector and the business sector regarding proper and appropriate protection of personal data.”