Offences according to the 2007 Computer Crime Act , Judgement of the Supreme Court 2600/2563
A case study of an ex-employee who illegally accessed their company email account after have resigned from the company
A Summary of the Judgment of the Supreme Court 2600/2563
The case involves an ex-employee who after having resigned from the company and therefore no longer had a legitimate right to access company data, deliberately accessed their company email account in order to transfer confidential company data to their personal email account.
The company filed a case against the ex-employee under the Computer Crime Act, BE 2550 (2007), section 7. However the Court of First Instance dismissed the case so an appeal was filed by the company. The Court of Appeal did find that there was sufficient evidence for the initial verdict to be overturned and the defendant was subsequently found guilty.
The Computer Crime Act, BE 2550 (2007), section 7, states “Whoever illegally accesses to a computer data that has specific security measures which are not intended for his/her use, shall be liable to an imprisonment for a term not exceeding two years, or a fine not exceeding Forty Thousand Baht or both”.
One of the legal question that need to be answered in the case was, is electronic mail computer data under Section 7 of the act?
The Computer Crime Act, BE 2550 (2007), section 3 defines computer data as “means information, messages and concepts or instruction, a program or anything else in a form suitable for processing in a computer system and shall include electronic data under the law on electronic transaction”.
The Electronic Transactions Act B.E. 2544 further defines electronic data as “Electronic data” means “messages generated, transmitted, stored or processed by electronic means such as electronic means of exchanging information. electronic mail, telegram, telephone or fax.”
Based on the above definitions it was found that the defendant had committed an offence under section 7 and as a result was found guilty.
“What the above case highlights is that companies need to make sure that they have policies/procedures in place for when an employee leaves the company and that those policies are promptly followed every time. This includes ensuring access to email accounts, remote access to the network and cloud storage is locked down so the ex-employee no longer has access”
Source : www.deka.supremecourt.or.th
“If your organization faces such an incident, contact Orion Forensics to assist in gathering evidence of unauthorized access, to support legal action”
Email : firstname.lastname@example.org