The collection and processing of data by the BOT are performed for the purposes of the discharge of its statutory duties as the central bank as well as the performance of its statutory regulation of financial institutions and payment systems, in order to ensure monetary and economic stability and the appropriate protection of users of financial services operated by regulated financial institutions, as well as in order to facilitate the BOT’s organisational management.
Important purposes of the processing of personal data by the BOT are, by way of illustration, described below.
(1) Purposes Involving the Supervision and Examination of Financial Institutions
The BOT performs official duties in connection with the supervision and examination of various types of business operators such as financial institutions and specialised financial institutions under the Financial Institutions Business Act, B.E. 2551 (2008) (as amended), asset management companies under the Emergency Decree on Asset Management Companies, B.E. 2541 (1998) (as amended), authorised foreign exchange businesses under the Exchange Control Act, B.E. 2485 (1942) (as amended) and payments service providers under the Payment Systems Act, B.E. 2560 (2017). In undertaking its role and responsibility, the BOT processes data including personal data of persons concerned as received from such financial institutions and financial & payments service operators to ensure safety and prudence in their operations, and thereby the BOT’s mandate to ensure economic and financial stability. In addition, the processing is for the purpose of performing BOT’s duties in relation to the protection of users of financial services. In this connection, general members of the public may seek advice on, or address complaints concerning, financial services providers via the BOT’s Financial Consumer Protection Center (FCC). This being so, the processing of users’ personal data by the BOT is essential for its co-ordination with financial institutions and for its proceeding in relation to the provision of advice or the pursuit of activities concerned.
(2) Purposes of Conducting Monetary Policy and Formulation of Economic Policy
The BOT’s discharge of its duties as regards the determination and implementation of monetary policies necessitates its processing of data, including personal data, for conducting assessment and forecasts of economic trends and directions to ensure monetary stability.
In addition, the collection of personal data by the BOT such as financial information including, incomes, liabilities or business operation is carried out in order to analyse, research, and to determine policies or measures to address economic problems and facilitate economic development.
(3) Purposes Involving the Supervision and Development of Payment Systems
In carrying out its role and responsibility to safeguard the payments system stability and to develop the payments system, the BOT also needs to process personal data, as mandated by the Payment Systems Act, B.E. 2560 (2017). In addition, in the course of the BOT serving as a provider of critical payment infrastructure, for example, the Bank of Thailand Automated High-Value Transfer Network (BAHTNET) system, the BOT also processes personal data.
(4) Purposes Involving the Issuance and Management of Banknotes
Statutory responsibilities assumed by the BOT in issuing banknotes as provided by the Bank of Thailand Act, B.E. 2485 (1942) (as amended) entails its processing of personal data, in particular, data relating to criminal records for the purposes of allowing access to restricted areas and conducting authentication in transactions involving banknote management, such as the deposit, withdrawal and carriage of banknotes.
(5) Purposes Involving the Conduct of Activities for Lawful Public Interests
The BOT has established its Learning Center and has, through various projects, striven to create and strengthen financial literacy as well as knowledge in the interest of the public, pupils and students. Such activities also entail collection and processing of personal data by the BOT in order to serve the public efficiently.
(6) Purposes Involving the Maintenance of Safety of the BOT’s Personnel, Premises and Property
As an essential part of safety operations for the benefit of its personnel, premises and property, the BOT requires information for persons gaining access to its areas, such personal data include their names, surnames, agencies of affiliation, as well as photographic records, including via closed-circuit television cameras (CCTV cameras) as well.