Thai Cyber Law Compliance

I often receive question from customers and partners regarding Thai Cyber Law Compliance.

Thailand’s Computer Crime Act of 2007 requires any company or organization that provides Internet access to their employees, customers or visitors (that includes hotels providing broadband to their guests and staff) to retain certain header information for various types of internet activity (email, web surfing, instant messenger chat, FTP downloads) for 90 days as well as maintain a log of the users’ identities. Thailand’s full Computer Crimes Act (B.E. 2550 / 2007) is available in English here.

Thailand has a history of media censorship including printed news, TV, videos (DVD, VHS), satellite TV and has taken a number of steps to address Internet censorship in the past five years. The Thai Computer Crime Act is a component of this in providing Internet access history, records and tracking capabilities at end user sites.

There are a number of open source based Internet firewall solutions which include authentication and logging capabilities such as Untangle, IP Cop and Smoothwall.

A number of school’s and organizations in Bangkok and Chiang Mai which have been investigated by the Thai Police (Section 5) for failing to meet the compliance requirements so Thai based organizations should take the laws seriously.