In a shocking breach of data protection regulations, a private hospital in Thailand has been fined 1.2 million baht after it was discovered that paper patient files were repurposed into snack bags for khanom Tokyo, a local delicacy. This incident was revealed by the country’s Personal Data Protection Committee (PDPC), which highlighted the importance of safeguarding personal data.
The investigation into the hospital was prompted after reports surfaced about the improper disposal of over 1,000 patient records. According to the PDPC, the hospital had engaged a small business to handle the destruction of these sensitive documents, but failed to ensure adequate oversight. It became clear that the business owner had inadvertently stored the records at their home, leading to the shocking discovery of their reuse as snack packaging.
In a related case, the PDPC reported that a state agency suffered a data breach affecting more than 200,000 citizens following a cyber-attack on its web application. The attacker subsequently posted the stolen data on the dark web. Investigations into this breach revealed significant security flaws, such as weak password protocols and a lack of proper risk assessments, as well as an absence of a data processing agreement with the web application’s developer. Both the agency and its contractor were fined a combined total of 153,120 baht for the shortcomings.
Since 2024, the PDPC has completed six cases involving personal data violations, racking up fines totaling 21.5 million baht. The committee’s rigorous enforcement underscores the growing scrutiny on data protection compliance in Thailand, as both public and private entities are reminded of their responsibilities to safeguard sensitive information.