Regulations on the collection, processing and use of personal information in the cyber environment in Vietnam

Regulations on the collection, processing and use of personal information in the cyber environment in Vietnam (Image from Internet)

1. Regulations on the collection, processing and use of personal information in the cyber environment in Vietnam

Regulations on the collection, processing, and use of personal information in the cyber environment according to Article 21 of Law on Information Technology 2006 are as follows:

• Organizations and individuals that collect, process, and use other people's personal information in the cyber environment must obtain their consent, except in cases where the law specifies otherwise.

• Organizations and individuals that collect, process, and use other people's personal information have the following responsibilities:

  • Notifying the individual about the form, scope, location, and purpose of collecting, processing, and using their personal information;

  • Using the collected personal information for the right purposes and store this information only for a definite period as prescribed by law or as agreed upon by both parties;

  • Implementing necessary administrative and technical measures to ensure that personal information is not lost, stolen, disclosed, altered, or destroyed;

  • Immediately taking necessary actions when requested to review, correct, or delete personal information as per the provisions of paragraph 1 of Article 22 of Law on Information Technology 2006; not supplying or using related personal information until it is corrected.

• Organizations and individuals have the right to collect, process, and use other people's personal information without their consent in the following cases:

  • Concluding, modifying, or fulfilling a contract for the use of information, products, and services in the cyber environment;

  • Calculating charges for the use of information, products, and services in the cyber environment;

  • Performing other obligations as prescribed by law.

2. Regulations on prevention and handling of dangerous cybersecurity situations in Vietnam

Regulations on the prevention and handling of dangerous cyber security situations according to Article 21 of Law on Cybersecurity 2018 are as follows:

* Dangerous cyber security situations include:

• The appearance of provocative information on cyberspace that could lead to riots, disturbance of security, terrorism;

• Attacks on critical national security information systems;

• Attacks on many information systems on a large scale, high intensity;

• Network attacks aimed at destroying important works related to national security, key national security targets;

• Network attacks that seriously infringe on sovereignty, interests, and national security; particularly severe harm to public order, societal safety, and lawful rights and interests of agencies, organizations, and individuals.

* Responsibilities for preventing hazardous cybersecurity situations are as follows:

• The specialized force for cybersecurity protection coordinates with the managing bodies of critical national security information systems to deploy technical and professional solutions to prevent, detect, and handle dangerous cyber security situations;

• Telecommunication, internet, information technology enterprises, service providers on telecommunication networks, internet, enhanced services in cyberspace, and relevant agencies, organizations, and individuals are responsible for coordinating with the specialized force for cybersecurity protection under the Ministry of Public Security in preventing, detecting, and handling dangerous cyber security situations.

* Measures for handling dangerous cyber security situations include:

• Immediately deploying emergency prevention and response plans, preventing, eliminating, or mitigating damage caused by dangerous cyber security situations;

• Notifying relevant agencies, organizations, and individuals;

• Collecting related information; continuously monitoring dangerous cyber security situations;

• Analyzing, evaluating information, forecasting possibilities, scope of influence, and level of damage caused by dangerous cyber security situations;

• Stopping the provision of network information in specific areas or disconnecting international network gateways;

• Arranging forces and means to prevent and eliminate dangerous cyber security situations;

• Other measures as prescribed by the National Security Law 2004.

* Handling dangerous cyber security situations is regulated as follows:

• When detecting dangerous cyber security situations, agencies, organizations, and individuals promptly notify the specialized force for cybersecurity protection and immediately apply measures specified in points a and b of paragraph 3 of Article 21 of Law on Cybersecurity 2018;

• The Prime Minister of Vietnam considers and decides or delegates to the Minister of Public Security to consider, decide, and handle dangerous cyber security situations nationwide, locally, or targeting specific objectives.

The Prime Minister of Vietnam considers and decides or delegates to the Minister of Defense to consider, decide, and handle dangerous cyber security situations concerning military information systems and information systems belonging to the Government Cipher Agency;

• The specialized force for cybersecurity protection takes the lead in coordinating with relevant agencies, organizations, and individuals to apply measures specified in paragraph 3 of Article 21 of Law on Cybersecurity 2018 to handle dangerous cyber security situations;

• Relevant agencies, organizations, and individuals are responsible for coordinating with the specialized force for cybersecurity protection to implement measures aimed at preventing and handling dangerous cyber security situations.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE