In today’s world, personal information is a delicate matter for everyone, especially Personal Data, such as name, surname, address, and phone number. Additionally, there’s what we call Sensitive Data, which refers to the individual’s delicate information that, if leaked, could harm the data owner both in reputation and assets. This led to the implementation of the PDPA law, or the Personal Data Protection Act B.E. 2562, to better safeguard users’ data.
The Personal Data Protection Policy (PDPA) was fully enforced on 1st June 2022. This law safeguards personal data such as name, address, phone number, email, health history, photographs, bank accounts, website user accounts, fingerprints, and more. Such information can identify the data owner. This data can be in the form of documents, papers, books, or even stored electronically.
What is Sensitive Data?
Sensitive Personal Data, or “Sensitive Data”, refers to information that can uniquely identify an individual in a very specific manner and is highly delicate in nature. Examples of this include race, religion, gender, criminal history, political views, and biometric data such as facial patterns or fingerprints. If these types of data are leaked without the consent of the owner, it could be detrimental, as the information might be used illicitly, causing damage to the individual’s reputation or financial standing.
Therefore, to prevent the unauthorized disclosure of Sensitive Data, the PDPA law plays a vital role by providing an enhanced level of protection for personal information. There are legal penalties for those who violate the rules related to Sensitive Data, including civil, criminal, and administrative consequences.
How should HR manage the sensitive data?
Sensitive Personal Data, or “Sensitive Data”, refers to information that can uniquely identify an individual in a very specific manner and is highly delicate in nature. Examples of this include race, religion, gender, criminal history, political views, and biometric data such as facial patterns or fingerprints. If these types of data are leaked without the consent of the owner, it could be detrimental, as the information might be used illicitly, causing damage to the individual’s reputation or financial standing.
Therefore, to prevent the unauthorized disclosure of Sensitive Data, the PDPA law plays a vital role by providing an enhanced level of protection for personal information. There are legal penalties for those who violate the rules related to Sensitive Data, including civil, criminal, and administrative consequences.
As we all know, Sensitive Data is protected under the PDPA law. Therefore, managing this particular set of data becomes a significant responsibility for the HR department to ensure it doesn’t leak. HR officials must obtain consent from the data owners to allow the organization to use such information, often through job application forms. These forms should clearly mention details the applicants should be aware of, like the organization’s name and a description outlining the reasons and purposes for collecting such data. Moreover, the organization should have appropriate security measures in place to protect this data.
Guidelines for HR department’s personal data storage.
Compliance with the data protection law.
Organizations must be prepared to manage the personal data of their employees appropriately. This includes the methods of data storage, usage, or disclosure. Organizations should establish policies or guidelines on data handling. Moreover, there should be designated personnel responsible for overseeing and ensuring the security of various data. Such measures ensure compliance with personal data protection laws.
Employee data management
The responsibility of the organization is to store employees’ personal data with comprehensive and stringent measures. Consent must be obtained from the employees to collect and disseminate this data. Additionally, the organization must clearly specify the purpose and duration for which the data will be used. The personal data that the organization has to manage includes the following :
- Name, address, identification number used for tax submission, and social security.
- Name and bank account number used for salary transfer.
- Educational background, work history, criminal record.
- Sensitive personal data such as photographs, fingerprints, etc.
Measures to protect personal data
Organizations should establish measures to ensure the security of their employees’ personal data. This can be defined in policies or work regulations, such as specifying the duration for data retention and ensuring the proper disposal of personal data documents once they are no longer needed. Additionally, it is advisable to create a user-friendly form to obtain employees’ consent for their personal data processing.
OCR technology as an aid in managing Sensitive Data
In today’s era, OCR technology plays a pivotal role in streamlining document management within organizations, enhancing both convenience and security. OCR technology aids in handling Sensitive Data by reading information on identification cards. Subsequently, the OCR system acts to censor all portions identified as Sensitive Data, reducing the likelihood of unintentional disclosures or data leaks
