Regulations on the protecting personal information in cyberspace in Vietnam

Regulations on the protecting personal information in cyberspace in Vietnam (Internet image)

1. What does personal information include?

Clause 15, Article 3 of the Law on Cyberinformation Security 2015 stipulates personal information as follows:

Personal information means information associated with the identification of a specific person.

2. Principles of protecting personal information in cyberspace in Vietnam

In Article 16 of the Law on Cyberinformation Security 2015 stipulates the principles of protecting personal information in cyberspace as follows:

- Individuals shall themselves protect their personal information and comply with the law on provision of personal information when using services in cyberspace.

- Agencies, organizations and individuals that process personal information shall ensure cyberinformation security for the information they process.

- Organizations and individuals that process personal information shall develop and publicize their own measures to process and protect personal information.

- The protection of personal information must comply with this Law and other relevant laws.

- The processing of personal information for the purpose of ensuring national defense and security and social order and safety or for non-commercial purposes must comply with other relevant laws.

3. Collection and use of personal information in Vietnam

Article 17 of the Law on Cyberinformation Security 2015 stipulates collection and use of personal information as follows:

- Organizations and individuals that process personal information shall:

+ Collect personal information only after obtaining the consent of its owners regarding the scope and purpose of collection and use of such information;

+ Use the collected personal information for purposes other than the initial one only after obtaining the consent of its owners;

+ Refrain from providing, sharing or spreading to a third party personal information they have collected, accessed or controlled, unless they obtain the consent of the owners of such personal information or at the request of competent state agencies.

- State agencies shall secure and store personal information they have collected.

- Owners of personal information may request personal information-processing organizations and individuals to provide their personal information collected and stored by the latter.

4. Updating, alteration and cancellation of personal information in Vietnam

Article 18 of the Law on Cyberinformation Security 2015 stipulates updating, alteration and cancellation of personal information as follows:

- Owners of personal information may request personal information-processing organizations and individuals to update, alter or cancel their personal information collected or stored by the latter or to stop providing such personal information to a third party.

- Upon receiving the request of an owner of personal information for update, alteration or cancellation of personal information or for stoppage of the provision of personal information to a third party, a personal information-processing organization or individual shall:

+ Comply with the request and notify such owner or grant him/her/it the right to access information for the latter to update, alter or delete his/her/its personal information;

+ Take appropriate measures to protect personal information; and notify such owner if it/he/she fails to comply with the request for technical or other reasons.

- Personal information-processing organizations and individuals shall delete the stored personal information when they have accomplished their use purposes or the storage time has expired and notify such to the owners of such personal information, unless otherwise prescribed by law.

5. Security assurance for personal information in cyberspace in Vietnam

Article 19 of the Law on Cyberinformation Security 2015 stipulates security assurance for personal information in cyberspace as follows:

- Personal information-processing organizations and individuals shall take appropriate management and technical measures to protect personal information they have collected and stored; and comply with standards and technical regulations on assurance of cyberinformation security.

- When a cyberinformation security incident occurs or threatens to occur, personal information-processing organizations and individuals shall take remedy and stoppage measures as soon as possible.

6. Responsibilities of state management agencies in protecting personal information in cyberspace in Vietnam

Article 20 of the Law on Cyberinformation Security 2015 stipulates Responsibilities of state management agencies in protecting personal information in cyberspace as follows:

- To establish online information channels for receiving petitions and reports from the public which are related to security assurance for personal information in cyberspace.

- To annually inspect and examine personal information-processing organizations and individuals; to conduct extraordinary inspection and examination when necessary.

Ngoc Nhi

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE