True Corp Promotes “Privacy and Security by Design” Strategy, Respecting the Privacy and Security of Customer Data from the Design Phase, Encouraging Thais to Be Aware of Personal Data Protection as a Human Right in the Digital Era
True Corporation solidifies its mission as a leading Thai tech company that has continuously protected data of more than 51 million customers in the Gen AI era with the strategy “Privacy and Security by Design”, highlighting the concept of respect for privacy and protecting customers’ personal data from the design process. The company aims to raise the standards of safeguarding customer data with the utmost responsibility, reflecting its commitment to conduct business sustainably with respect for human rights in the digital era. Meanwhile, a survey result has revealed that the average of Thai people who are concerned about their privacy and security of personal data is lower than the Asian average. Therefore, it is necessary to urgently raise awareness, prevent violation and damage, marking Data Privacy Day on January 28 every year.
Montri Stapornkul, Head of Data Protection Division, True Corporation Plc. said that “True Corporation as a leader in telecommunications is aware of conducting business responsibly and safeguarding customer personal data which is another dimension of respect for human rights in the digital era. This is one of the sustainability subjects that True’s stakeholders attach very high importance to. The company adheres to the “Privacy and Security by Design” strategy, which respects privacy rights and protects customer data securely from the design phase as well as controls information security based on the international standard ISO 27001, emphasizing the use of technology to limit access to unnecessary personal data, such as using AI in SIM registration for accuracy and safety, digitizing documents to be paperless 100% plus bringing AI and chatbots to increase efficiency in providing customer service to reduce waiting time and reduce the level of access to personal data.”
Prepare to Handle all Risks in the Digital World Ethically
True places importance on respecting personal data by evaluating the impact of every service related to personal data, especially services that are a result of changes and the use of technologies such as AI, IoT and Big Data. In addition, there are measures for all internal users who must be able to state that their request is legal and has a clear purpose of usage. This also includes responding to government agencies’ requests.
“Due to the influence of AI, a technology related to personal data protection, True has announced the “True’s Ethical AI Charter” that specifies 4 ethics in using AI honestly, including 1. Good Intent: AI should only be used to benefit humans. 2. Fairness and Bias Mitigation: AI should not discriminate. 3. Data Privacy and AI Functionality: Full respect for customer data and the law. and 4. Transparency: AI decisions should be explainable.”
Poll shows Thai people are concerned about personal data lower than the Asian average.
According to a survey by Telenor Asia Digital Lives Decoded 2023, only 17% of Thais are concerned about data privacy and security, which is lower than the Asian average at 44%. Meanwhile, 21% were concerned about this which is higher than the Asian average of only 8%.
“Creating awareness and understanding of the importance of personal data should be done on a large scale and continuously. We want all mobile and digital technology users to understand their data ownership rights and realize the purposes of data usage. They can decide whether to give or not give consent to access, disclose and use personal information data as well as have the right to know the process of obtaining information, cancel or notify the deletion of personal data in accordance to the law at any time,” Montri added.
“Mobile and digital service providers are only “Personal Data Controller”.
Users of mobile and digital services who own the data can choose to give consent regarding to privacy at 2 levels: 1. Service contract (main purpose) – Use information only for purposes related to providing telecommunications services or main services, and 2. To give consent or allow the use of data for other purposes to receive benefits that meet individual needs. True or dtac applications, for example, may notify customers about the opportunity to redeem some benefits for free. True as a mobile and digital service provider is just only the “Personal Data Controller” who must oversee, control and use the data as much as consent has been given and only for the purposes notified to the customer. This is in line with True’s ambition to drive the respect for human rights in the business process throughout the supply chain which is an important dimension, leading to True Corporation is ranked number one in the S&P Global’s Corporate Sustainability Assessment and listed in the Dow Jones Sustainability Indices 2023 in the telecommunications category for the 6th consecutive year.”, Mr. Montri concluded.
5 Things to Know and Understand Correctly about Personal Data Protection
- Personal information does not mean information that only indicates first and last name: It can be information that can directly or indirectly identify an individual, such as email address, address, telephone number and IP Address.
- Security ? Privacy: Safe storage of information does not mean that there is no right to access or misuse of personal data.
- Unnecessary access to information is considered wrong: Personal data protection does not just govern the disclosure of information, but also access to data which must be in accordance with the objectives that have been reported to the data owner.
- Good intentions don’t always mean good: The use of personal data always requires consent, even though they claim to have good intentions.
- The purpose of requesting consent which is too broad: This opens a channel for data to be used beyond the stated purpose.