The Amended Computer Crimes Act: Important Changes for Business Operators
The Act Governing Commission of Offences Relating to Computers ( generally known as the Computer Crimes Act) was enacted in 2007. Over the last decade, several high- profile cases have appeared in the media, especially when celebrities or models lodged criminal charges under the Act. Its application in criminal defamation cases has also been the subject of a lot of comment.
But the Computer Crimes Act is not only relevant to celebrities; it’s important to all businesses that use computers in their operations. This article discusses how certain recent amendments to the Computer Crimes Act that are now in force have important implications for business owners in Thailand.
Spam Emails: Under the amended Act, a business may face criminal punishment if it sends computer data or emails that cause trouble or annoyance to recipients without an option to allow the recipient to easily cancel, unsubscribe, or inform the sender to cease sending further emails or computer data. The penalty for such actions is a maximum fine of Baht 200,000. From now on, if business operators send any emails or e- bulletins to their customers and fail to provide an easy way for recipients to cancel or unsubscribe, the business operators will be criminally liable if the emails or e- bulletins are deemed to have caused trouble or annoyance.
Greater Penalties for Hackers:
Businesses that use computer systems that involve national security, public safety, national economic security, or infrastructure that concerns the public interest are now more protected from hackers due to an increase in criminal penalties for offenders who use a computer in crimes against these systems. Offenders will face more severe criminal penalties compared to offenses against a computer system used by normal business owners, with fines from Baht 20,000 to Baht 140,000, and imprisonment from one year to seven years. More severe penalties may also be imposed if the crime results in damage or other impacts to protected systems, or if the crime unintentionally results in the death of a person.
False Information: An offender who dishonestly or deceitfully brings false, distorted, or forged information or data into a computer system in such a way that is likely to cause damage to the public will face imprisonment not exceeding three years or a fine not exceeding Baht 60,000, or both. For the law to apply to such an offense, it is not a defamation offense under the Penal Code and must be targeted at an individual. This offense is compoundable, which means both parties can settle.
Service Providers: Any service provider that cooperates with, consents to, or connives to certain offenses under the amended Act, such as dishonestly or deceitfully bringing false, distorted, or forged information or data into a computer system under the service provider’s control, will face criminal penalties. The Minister of Digital Economy and Society has the authority to issue an announcement to determine the processes for issuing a warning, termination of the circulation of the computer data, and removal of the computer data from the computer system. A service provider will be waived from criminal penalties if it can prove that it has complied with such an announcement. Expanded Court Authority: Under the amended Act, the court has new authority pertaining to computers and can order the destruction of data. The court can also publish a judgment wholly or partially through electronic media, broadcast radio, broadcast television, newspaper, or other media which it deems appropriate. The court also has the authority to order other actions deemed necessary to remedy injury arising from an offense.
Settlement: Some offenses, such as the unauthorized access of a computer system, disclosure of preventive measures for accessing a computer system, or bringing false information into computer system, can be settled by a committee appointed by the Minister.
Computer Data Screening: The Minister has the authority to appoint a computer data screening panel, which may assign an officer to request that the court orders the cessation of circulation of computer data, or the deletion of computer data, when there is circulation of computer data that constitutes a crime under the Act, affects the security of Thailand, or conflicts with peace and order, or good morals.
The amended Act also addresses other important issues, and business owners should therefore be aware of potential criminal implications when their business operations involve computer data or a computer system.
Chusert Supasitthumrong is a partner at Tilleke & Gibbins. He can be contacted at chusert. s@ tilleke. com. This article was first published in the Bangkok Post and is reproduced with permission of the author.