NBTC to probe ‘privacy breach’
THE NATIONAL Broadcasting and Telecommunications Commission has set up a working panel to investigate an Advanced Info Service employee’s alleged breach of the company’s policy on security of customers’ personal data.
AIS said in a statement yesterday that it had reviewed relevant internal working procedures and beefed up the security system to make sure a similar breach does not happen again.
The NBTC warned all telecom companies that if they breach customer privacy, they will be punished under Article 74 of the Telecom Business Act of 2001. The maximum penalty is a two-year jail term. They will also risk revocation of their licences.
The case went public when an AIS customer posted on the popular website Pantip.com on Monday that she had learned that an AIS employee had provided her personal data, including the call-data record, to an outsider.
AIS reacted by publicly stating that it had investigated the case and found that the employee had breached its policy on protection of customer privacy. It has fired the employee and filed a complaint with police. The company says it has yet to find the motive for the employee’s act, pending investigation by the police.
AIS, the largest mobile-phone operator in terms of subscriber numbers, said it had made protecting customers’ personal data a top |priority.
In its statement yesterday, AIS said it had initiated a double-password system to improve security. Whenever it is necessary to access a customer’s personal data, two employees must enter a password.
It has also implemented a closed working environment, such as banning employees whose work involves customers’ personal data from bringing mobile phones or USB thumb drives into their work zones.
