|The rise of e-commerce presents increased risks to the safety of customer data. — Photo thebank.vn
Vietnam is facing increasing cases of personal data theft, with more entities collecting, analysing and processing data for different purposes without notifying customers.
The ministry said that new services using personal information, such as online payments, e-commerce, games, cryptocurrency trading and multi-level businesses, have raised issues related to national security and social order and safety.
“Therefore, the development of a decree on personal data protection is needed,” the ministry said.
It said that Vietnam’s internet use is growing rapidly. The number of internet users accounts for about two thirds of the population, of which there are 58 million Facebook accounts and 62 million Google accounts.
Along with a large number of users, the amount of data generated also increased.
The ministry said that personal data is assessed as an input of the digital economy. Sectors and fields such as tax and e-commerce all use personal data to authenticate and identify users.
Last year, a bank in Vietnam exposed the personal data of more than two million customers. In previous years, customer data of a series of large companies in the retail and aviation industries also fell into the hands of hackers. Vietnam is also the country with the highest number of individuals exposed in the Cambridge Analytica scandal.
Several companies were mentioned in the report regarding their data breaches, including the exposure of VNG Company’s 163 million customer accounts; Mobile World and Dien May Xanh’s breach including five million emails and tens of thousands of payment card numbers; and customer data of FPT Company was posted publicly online.
According to the ministry, this is a problem of data management, which must be fixed to prevent and handle legal violations involving personal information, while complying with international law.
In terms of policies, the draft decree has regulations on personal data protection focusing on regulations licensing the transfer of personal data of Vietnamese citizens to foreign countries, registration of processing sensitive personal data, revising a number of provisions of the law on personal data protection.
It will define the rights and responsibilities of agencies, organisations and individuals in protecting personal data, aiming to agree guidelines, policies and laws on personal data protection of agencies, organisations and individuals, and creating a legal basis for them to protect personal data.
The draft decree also includes concrete sanctions for violations on personal data protection.
The ministry said that more than 80 countries have issued documents on the protection of personal information.
The draft has been sent to ministries and agencies to collect ideas and opinions. It’s expected to be submitted to the Government later this year.