Thailand Law On Internet Data - What It Means To Your Business

The internet has long been known as a law unto itself, with much of the crime prevention that is enacted on the internet made by ordinary citizens.

Police are often powerless to prosecute for crimes committed online - tracking is difficult, different laws across borders make sites that are legal in one country readily available in countries where they are not, and the prevalence of internet access means monitoring is harder than ever. A new Thailand law has been enacted to assist law enforcement with regards to cyber crime in Thailand. We look at the details of this new Thai business law, and whether your business needs to consult a Thailand corporate legal service regarding your obligations.

The new Thailand law requires all private firms, government agencies and other organizations to store all internet traffic data for 90 days. Law firms in Thailand advise that there are no exceptions, and that although it will be technically difficult, implementing measures to store these records is crucial for businesses to be in compliance with the law. Businesses that fail to keep these records will be liable for fines of up to 500,000 baht. Businesses affected by the Thailand law include telecommunications providers, internet service providers (a category which include internet cafes, universities, companies where employees can access the internet and schools), portals and web hosting services.

Cyber offences that police need these computer records to track include the email forwarding of pornographic pictures, posting messages on forums that defame someone or are otherwise libelous, as well as violating the lese majeste laws. Check with your corporate legal service in Thailand or your Thai business law firm if you'require more information on these.

In most cases, Thailand lawyers advise, simply failing to clear the cache on the computer will not be sufficient for record keeping. A specific log management system needs to be installed under the Thailand business law, keeping at a minimum, the IP address of sites visited, as well as header information, so that the sites can be easily identified. Simply keeping cache records would also leave businesses open to fines, in case of unwitting employees cleaning up the computers, or a power outage or hard disk failure. Record keeping systems should be secure, and connected to a surge protector, Thai business lawyers advise. Corporate legal services in Thailand also recommend keeping the record system both password protected, encrypted, and having the physical storage device under lock and key. You can check with IT security specialists for the implementation of each of these recommendations.

If businesses feel hardly done by in the time and investment it will take to comply with the new laws, they should consider the initial drafts of the Thailand laws - they demanded that every piece of information about a website and user be kept, with screenshots. This was deemed technically infeasible, however, and the current Thai law resulted. The investment is just as large for the government, who will need to train large numbers of staff in IT forensics, as well as consistently consulting Thai corporate legal services.