Draft Law on Cyber Information Security was passed by the National Assembly today with 86.03% approval, allowing the establishment of an online information channel to handle citizens' complaints regarding personal information protection.
According to the enacted law, many actions are prohibited in the field of network information security, including obstructing the transmission of information on the network, intervening, accessing, causing harm, deleting, altering, copying, and unlawfully distorting information on the network.
It is prohibited to affect or unlawfully obstruct the normal operation of the information system or to unlawfully affect or obstruct the access capabilities of the information system users.
It is prohibited to attack, unlawfully disable, render ineffective security protection measures of the information system; attack, take control of, or destroy information systems.
The dissemination of spam, malware, the establishment of fraudulent, phishing information systems is prohibited.
It is prohibited to collect, use, disseminate, or illegally trade the personal information of others; exploiting vulnerabilities and weaknesses of the information system to collect and exploit personal information;
Illegal intrusion into, and revealing information of, legally encrypted secrets and encrypted information of agencies, organizations, and individuals; disclosing information about civil cryptographic products, information about legitimate customers using civil cryptographic products; the use and trading of civil cryptographic products of unclear origin are also not allowed.
Personal Information Protection
According to the Standing Committee of the National Assembly, the law only regulates technical issues to ensure that the information transmitted over the network remains intact, is not interrupted, modified or destroyed, and remains well-secured. Thus, it does not address issues related to information content and personal information.
Article 18 on “updating, amending, and deleting personal information” has been revised and clearly stipulates: Personal information subjects have the right to request organizations and individuals handling personal information to update, amend, delete their collected and stored personal information or stop providing their personal information to third parties.
The law also requires the establishment of online information channels to address public concerns about personal information protection.
The role of the Government Cipher Committee of Vietnam, which has previously caused debate, assigns responsibility to assist the Minister of Defense in performing state management of civil cryptography.
Network Information Security Law is effective from July 1, 2016.
Source: Vietnamnet.vn