2025-12-02
Dr. Pongsak Wonglertkunakorn
Access Control: Not Just Physical Security, but Data Privacy
Dr. Pongsak Wonglertkunakorn
- Workplace Consultant
- Ph.D. in Management from National Institute of Development Administration
- M.S. in Computer and Information Science from University of Pennsylvania
- B.Eng. in Computer Engineering from Chulalongkorn University
Many organizations still view access control purely as a physical safety measure. In reality, access control is tightly connected with data privacy, compliance, and corporate governance.
Why Data Privacy Depends on Access Control
Even in cloud-first companies, sensitive information often exists physically:
- HR offices with printed salary slips
- Meeting rooms with confidential whiteboard notes
- Backup drives stored in IT rooms
- Printed contracts in legal cabinets
If anyone can walk into these areas freely, data protection is impossible.
Real Incidents That Show the Risk
1. Visitor Leaked Internal Strategy
A visitor waiting in a meeting room photographed diagrams on a whiteboard outlining an upcoming system design. The competitor used this information to submit a superior bid.
2. Cleaning Staff Accessing Executive Meeting Rooms
Room cleaners unintentionally gained access to high-level financial planning notes left on tables. This caused internal panic and forced the company to implement controlled zones.
3. Contractors Entering Server Rooms Without Logs
When an unexpected system outage occurred, there was no record of who had accessed the server room that day. Without logs, investigation became nearly impossible.
Conclusion
Access control is the first defensive wall of data privacy. You cannot protect digital information if physical spaces remain unprotected.