The Thai telecoms regulator ordered the country’s largest mobile operator AIS to determine whether the executive it fired last week was responsible for leaking the data of up to 100 customers over the past two years.
AIS is investigating the motive of the fired executive, who leaked subscriber call and location data, and said is taking steps to improve its information security protection measures, the Bangkok Post reported. The operator, which has a 44 per cent market share, said five executives had access to classified data of its customers.
The operator has put in place a double password system and a closed work environment, including restricted areas for mobile phones and USB thumb drives, the Post said. It also imposed stricter penalties for wrongdoers.
The National Broadcasting and Telecommunications Commission (NBTC) last week set up a panel, chaired by five commissioners, to investigate how the AIS employee breached internal data policies and procedures. The panel has 30 days to report its findings to the police.
AIS dismissed the executive a week ago after finding he had sold client phone recorders for two to three years and has taken legal action against the employee.
The operator could face harsh penalties, including prison sentences of up to two years for executives or even have its operating licence revoked, in accordance with the Telecom Business Act.
Data protection laws
The privacy breach has sparked calls for the country to push ahead with much-needed data protection laws since it currently doesn’t have any in place.
The Post quoted Dhiraphol Suwanprateep, a partner at Baker & McKenzie law firm, as saying that the increasing number of people and enterprises doing everything online means the country is in dire need of data protection laws.
With such laws in place, mobile operators would need to compensate customers if their personal information is leaked.