On May 26, 2020, Thailand’s Ministry of Digital Economy and Society issued a new Notification Re: Security Standards of Meetings via Electronic Means, which came into effect the following day. The notification details the mandatory security standards and procedures that meeting organizers must comply with when convening electronic meetings under the recent Royal Decree on Teleconferences through Electronic Means B.E. 2563 (2020) (which has been in effect since April 19, 2020). The key elements of the notification are explained in further detail below.
General Security Standard for Electronic Meetings
The meeting organizer must inform all attendees that the meeting is an electronic meeting held under the royal decree. They must be able to carry out the following processes:
Special Security Standards for Confidential Electronic Meetings
If an electronic meeting is held for confidential matters, the following additional requirements apply:
- The meeting organizer must set up security measures to prevent unauthorized access to the meeting, data, and documents;
- Each individual attendee must affirm to the meeting that no unauthorized person has access to meeting and the attendee is attending the meeting from an access-controlled place; and,
- Recording audio or video during the confidential electronic meeting is prohibited.
IT Security Standards
The notification sets five principles of IT security standards for electronic meetings:
- Confidentiality—IT mechanisms to prevent unauthorized access.
- Integrity—IT mechanisms to prevent modifications, loss, and damage.
- Availability—IT mechanisms to ensure functionality and access.
- Privacy and protection of personal data.
- Other IT measures, such as authenticity, accountability, non-repudiation, and reliability.
The Electronic Transactions Development Agency (ETDA) is empowered to set forth additional IT security standards for meeting control systems. In addition, the ETDA, or another agency designated by the ETDA, may provide services for verification and certification of qualifying meeting control systems, which should be announced soon.
Any electronic meetings which were already arranged prior to the notification coming into effect (on May 27, 2020), but which have not yet been held, can be held in accordance with the previous security standards for electronic meetings issued in 2014, provided they are held within 60 days of May 27.