A The Position of Mobile Financial Service Application Users on Personal Data Protection Mechanisms Established by the Personal Data Protection Act B.E. 2562 (2019), ISO/IEC 29100, and ISO/IEC 27701

Main Article Content

Manasnit Setthawong
Vasin Chooprayoon


            The objectives of this research were:  1) to ascertain the position of mobile financial service application users toward personal data protection guidelines set in accordance with the Personal Data Protection Act B.E. 2562 (2019), ISO/IEC 29100, and ISO/IEC 27701; 2) to investigate the association between users’ characteristics and their attitudes as it pertains to  privacy protection techniques used by mobile financial service applications; 3) to examine the relationship between users’ attitudes regarding personal data protection mechanisms in mobile financial service applications and applicable privacy and information security standards; 4) to determine the relationship between information security and applications’ privacy guidelines and users’ trust; and 5) to explore the relationship between users’ attitudes toward personal data protection mechanisms in mobile financial service applications and their trust in such applications;  and (6) to develop a model relating to personal data protection measures in mobile financial service applications, users’ characteristics, information security, as well as applications’ privacy and users’ trust. The study approach was quantitative in nature and utilized Thailand's Data Protection Act B.E. 2562 (2019), ISO/IEC 29100, and ISO/IEC 27701 as a framework for the purposes of its investigation. Questionnaires served as a research tool for data collection from 384 application users. The response rate was 100%. Descriptive statistics (percentage, mean, and standard deviation) and multiple linear regression analysis were employed to analyze the data. In terms of the test of hypothesis, it was discovered that users’ characteristics had an effect on their perceptions regarding personal data security procedures used by mobile financial service applications (R2=0.05 - 0.31). This has led to the formulation of 33 influence equations. The study also revealed that users’ attitudes regarding personal data protection systems impacted their attitudes toward applications’ information security and privacy (R2 values ranging from 0.08 to 0.31), resulting in eight impact equations. Users’ attitudes concerning application data security and privacy also affected their trust (R2 values ranging from 0.17 to 0.36), resulting in eight influence equations. Finally, users’ positions on personal data protection procedures used by mobile financial service applications affected their trust (R2 values ranging from 0.25 to 0.29), resulting in four influence equations


Download data is not yet available.

Article Details

Research Article


Albinson, N., Balaji, S., & Chu, Y. (2019). Building digital trust: Technology can lead the way. Deloitte Insights. Retrieved from https://www2.deloitte.com/content/dam/insights/us/articles/6320_Building-digital-trust/DI_Building-digital-trust.pdf

Balapour, A., Nikkhah, H. R., & Sabherwal, R. (2020). Mobile application security: Role of perceived privacy as the predictor of security perceptions. International Journal of Information Management, 52. doi:10.1016/j.ijinfomgt.2019.102063

Bank of Thailand. (2014). IT Best Practices - Phase II. Retrieved from https://www.bot.or.th/Thai/FinancialInstitutions/PruReg_HB/RiskMgt_Manual/download/แนวปฏิบัติIT Best Practices - Phase II.pdf

Bank of Thailand. (2020). Mobile Banking and Internet Banking Transactions. Retrieved from https://www.bot.or.th/English/Statistics/Pages/default.aspx

Chang, Y., Wong, F. S., Libaque-Saenz, F. C., & Lee, H. (2018). The role of privacy policy on consumers’ perceived privacy. Government Information Quarterly, 35(3), 445-459. Retrieved from https://doi.org/10.1016/j.giq.2018.04.002

Chueapirom, S., & Chooprayoon, V. (2016). A Multiple Regression Analysis for Prediction Factors Influencing Mobile Banking Application of Generation Y Consumers. The 11th National Graduate Research Conference 2016, National Defense Studies Institute. 22 September 2016, page 188-196.

Cochran, W. (1977). Sampling techniques. New York: Wiley.

Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16, 297–334. https://doi.org/10.1007/BF02310555

Deloitte. (2018). A new era for privacy: GDPR six months on. Retrieved from https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/risk/deloitte-uk-risk-gdpr-six-months-on.pdf

European Union Agency for Network and Information Security (ENISA). (2017). Privacy and data protection in mobile applications. Retrieved from https://www.enisa.europa.eu/publications/privacy-and-data-protection-in-mobile-applications

Fife, E., & Orjuela, J. (2012). The privacy calculus: Mobile apps and user perceptions of privacay and security. International Journal of Engineering Business Management, 4. doi:https://doi.org/10.5772/51645

IBM Security. (2019). Cost of a data breach report 2019. Retrieved from https://www.ibm.com/downloads/cas/ZBZLY7KL?_ga=2.189043820.693715687.1569613662-1615529680.1569613662

ISO/IEC. (2011). ISO/IEC 29100:2011 Information technology – Security techniques – Privacy framework. Retrieved from https://www.iso.org/standard/45123.html

ISO/IEC. (2019). ISO/IEC 27701:2019 Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines. Retrieved from https://www.iso.org/standard/71670.html

Johnson, V. L., Kiser, A., Washington, R., & Torres, R. (2017). Limitations to the rapid adoption of M-payment services: Understaning the impact of privacy risk on M-Payment. Computers in Human Behavior, 79. 111-122. Retrieved from https://doi.org/10.1016/j.chb.2017.10.035

Kaplan, A. M., & Haenlein, M. (2010). Users of the world, unite! The challenges and opportunities of Social Media. Business Horizons, 53(1), 59-68. doi:https://doi.org/10.1016/j.bushor.2009.09.003

Kemp, S. (2020). Datareportal. Retrieved from https://datareportal.com/reports/digital-2020-thailand?rq=thailand

KPGM. (2011). Privacy, security issues Hamper Wider Growth of mobile banking, despite increasing consumer acceptance: KPMG survey. Retrieved from https://www.prnewswire.com/news-releases/privacy-security-issues-hamper-wider-growth-of-mobile-banking-despite-increasing-consumer-acceptance-kpmg-survey-135994438.html

Microsoft. (2019). IDC Study: Only 31% of consumers In Asia Pacific trust organizations offering digital services to protect their personal data. Retrieved from Microsoft Stories Asia: https://news.microsoft.com/apac/2019/04/16/microsoft-idc-study-only-31-of-consumers-in-asia-pacific-trust-organizations-offering-digital-services-to-protect-their-personal-data/#_ftn2

Peikari, H. R., Ramayah T., Shah, M. H., & Lo, M.C. (2018). Patients’ perception of the information security management in health centers: the role of organizational and human factors. BMC Medical Informatics and Decision Making, 18. doi: 10.1186/s12911-018-0681-z

Personal Data Protection Act, B.E. 2562 (2019). (2019). Government Gazette. No. 136 Chapter 69 Gor, 52-95. Retrieved from http://www.ratchakitcha.soc.go.th/DATA/PDF/2562/A/069/T_0052.PDF

Pinto, S. L. (2018). Privacy and data protection: A study on awareness and attitudes of millennial consumers on the Internet - An Irish perspective. Retrieved from http://norma.ncirl.ie/3386/1/salonilerisapinto.pdf

Privacy International. (2018). How apps on android share data with Facebook. Retrieved from https://privacyinternational.org/sites/default/files/2018-12/How%20Apps%20on%20Android%20Share%20Data%20with%20Facebook%20-%20Privacy%20International%202018.pdf

The World Bank. (2016). Privacy by design: Current practices in Estonia, India, and Austria. Retrieved from https://id4d.worldbank.org/sites/id4d.worldbank.org/files/ PrivacyByDesign_112918web.pdf

Wagner, K. (2018). This is how Facebook collects data on you even if you don’t have an account. Retrieved from https://www.vox.com/2018/4/20/17254312/facebook-shadow-profiles-data-collection-non-users-mark-zuckerberg