True Corp Promotes “Privacy and Security by Design” Strategy, Respecting the Privacy and Security of Customer Data from the Design Phase, Encouraging Thais to Be Aware of Personal Data Protection as a Human Right in the Digital Era

25 January 2024

Bangkok, January 25, 2024 True Corporation solidifies its mission as a leading Thai tech company that has continuously protected data of more than 51 million customers in the Gen AI era with the strategy “Privacy and Security by Design”, highlighting the concept of respect for privacy and protecting customers’ personal data from the design process.  The company aims to raise the standards of safeguarding customer data with the utmost responsibility, reflecting its commitment to conduct business sustainably with respect for human rights in the digital era.  Meanwhile, a survey result has revealed that the average of Thai people who are concerned about their privacy and security of personal data is lower than the Asian average. Therefore, it is necessary to urgently raise awareness, prevent violation and damage, marking Data Privacy Day on January 28 every year.

Montri Stapornkul, Head of Data Protection Division, True Corporation Plc. said that “True Corporation as a leader in telecommunications is aware of conducting business responsibly and safeguarding customer personal data which is another dimension of respect for human rights in the digital era. This is one of the sustainability subjects that True’s stakeholders attach very high importance to.  The company adheres to the “Privacy and Security by Design” strategy, which respects privacy rights and protects customer data securely from the design phase as well as controls information security based on the international standard ISO 27001, emphasizing the use of technology to limit access to unnecessary personal data, such as using AI in SIM registration for accuracy and safety, digitizing documents to be paperless 100% plus bringing AI and chatbots to increase efficiency in providing customer service to reduce waiting time and reduce the level of access to personal data.”

Prepare to Handle all Risks in the Digital World Ethically

True places importance on respecting personal data by evaluating the impact of every service related to personal data, especially services that are a result of changes and the use of technologies such as AI, IoT and Big Data.  In addition, there are measures for all internal users who must be able to state that their request is legal and has a clear purpose of usage.  This also includes responding to government agencies’ requests.


“Due to the influence of AI, a technology related to personal data protection, True has announced the “True’s Ethical AI Charter” that specifies 4 ethics in using AI honestly, including 1. Good Intent: AI should only be used to benefit humans. 2. Fairness and Bias Mitigation: AI should not discriminate. 3. Data Privacy and AI Functionality: Full respect for customer data and the law. and 4. Transparency: AI decisions should be explainable.”

"Mobile and digital service providers are only "Personal Data Controller".

Users of mobile and digital services who own the data can choose to give consent regarding to privacy at 2 levels: 1. Service contract (main purpose) – Use information only for purposes related to providing telecommunications services or main services, and 2. To give consent or allow the use of data for other purposes to receive benefits that meet individual needs. True or dtac applications, for example, may notify customers about the opportunity to redeem some benefits for free. True as a mobile and digital service provider is just only the “Personal Data Controller” who must oversee, control and use the data as much as consent has been given and only for the purposes notified to the customer. This is in line with True’s ambition to drive the respect for human rights in the business process throughout the supply chain which is an important dimension, leading to True Corporation is ranked number one in the S&P Global’s Corporate Sustainability Assessment and listed in the Dow Jones Sustainability Indices 2023 in the telecommunications category for the 6th consecutive year.”, Mr. Montri concluded.

5 Things to Know and Understand Correctly about Personal Data Protection

  1. Personal information does not mean information that only indicates first and last name: It can be information that can directly or indirectly identify an individual, such as email address, address, telephone number and IP Address.
  1. Security ≠ Privacy: Safe storage of information does not mean that there is no right to access or misuse of personal data.
  1. Unnecessary access to information is considered wrong: Personal data protection does not just govern the disclosure of information, but also access to data which must be in accordance with the objectives that have been reported to the data owner.
  1. Good intentions don’t always mean good: The use of personal data always requires consent, even though they claim to have good intentions.
  1. The purpose of requesting consent which is too broad: This opens a channel for data to be used beyond the stated purpose.


#DataPrivacyDay2024 #TrueSustainability