Review urged for proposed cybersecurity penalties
PENALTIES proposed for infringements of incoming cybersecurity legislation should be reviewed by lawmakers before the two bills are submitted to the Cabinet for consideration this month, legal and industry experts say.
The Cybersecurity Bill and the Data Protection Bill were approval by the Office of the Council of State early this week, enabling the Digital Economy and Society Ministry to submit the legislation the National Legislative Assembly (NLA) for approval.
Once the legislation has cleared all the hurdles, the government is expected to official announce the legal enactment in the second half of next year.
Alongside the legislative moves, the government will set up two agencies, the Data Protection Agency and National Cybersecurity Agency, this year. In the initial stage, the agencies will be under the responsibility of the Electronic Transactions Development Agency (ETDA).
Yanaphon Youngyuen, executive consultant of the National Cybersecurity Committee, said that the Cybersecurity Bill should be amended as the draft did not provide a role for the courts on breaches of cybersecurity and the courts do not have the power to identify offenders under the cybersecurity law.
The cybersecurity bill should ensure a balance power between the court system and the secretary-general of the National Cyber Security Agency in order to provide transparency.
Moreover, government should provide privileges and offer incentives for small and medium-sized businesses that want to invest in cybersecurity, Yanaphon said.
He also said that the cybersecurity bill should be backed by severe penalties. With this need, the government should review the Cybersecurity Bill before the Digital Economy and Society (DE) Ministry submits it to the NLA for approval.
Yanaphon said that, regarding his responsibilities with National Cyber Security Committee, he did not get all the information required.
Regarding the Data Privacy Bill, the government should also review the protections for individuals’ data privacy.
Paiboon Amonpinyokeat, a law expert and executive of the National Cybersecurity Committee, said that the Cybersecurity Bill should be amended in areas concerning the power of the National Cybersecurity Agency and the power of secretary-general of the agency.
Paiboon said the bill does not set out the power relationship or identify the courts as providing a balance to the power of the secretary-general. As result, the secretary-general would be able to seek information directly from businesses and not require a court warrant in requests for information about cyber attacks.
Prinya Hom-anek, secretary of the Thailand Information Security Association (TISA), said the lawmakers should review the Data Protection Bill as it did not provide for data privacy impact assessment.
The existing bill has a conflict of interest, since the Data Protection Agency will have the twin roles of regulator and operator, Prinya said.