VN discovers hundreds of organizations, individuals involved in data trading
A report on assessing the impact of a proposed personal-data protection law shows that data trading, leakage, and collection are rampant and difficult to control.
The Ministry of Public Security (MPS) completed two drafts – assessment about the current state of social relations related to personal data protection, and a report on possible impact on society associated with the proposal.
The latter showed that the personal data of more than two-thirds of Vietnam’s population is being stored, shared and collected on cybersecurity under different forms and at different level of detail.
Many enterprises use personal data for business, economic development and value creation. But there have been many serious cases of personal information leakage and exposure, related to tens of millions of people.
The report shows that the personal data trading is carried out openly and blatantly, with raw and processed information.
Meanwhile, many behaviors of this kind still cannot be punished because of the lack of regulations.
The personal data trading is carried out systematically and institutionally. Data sellers even offer a warranty for their services. They can update information and extract information to buyers’ orders. In many cases, data is offered for sale blatantly for a long time and with a big volume in cyberspace.
According to MPS, the volume of personal data illegally collected and traded has reached thousands of GB, including internal and sensitive data.
The VNG’s disclosure of 163 million of clients’ accounts, The Gioi Di Dong and Dien May Xanh’s exposure of 5 million emails and tens of thousands of pieces of information about customers’ payment cards and credit cards are typical examples.
Hackers attacked Vietnam Airlines’ server, and posted 411,000 accounts of clients who are members of Bong Sen Vang’s program on the internet.
The exposure of clients’ information which was exploited by taxi brokerage service companies to invite passengers to use taxis via SMS, and the appearance of FPT’s clients’ data on the internet were also considerable cases.
In 2023, the trading of personal data and sensitive data continued to occur under sophisticated forms. MPS discovered, investigated and verified 16 cases of losses and sale of information, state secrets, and internal data online.
According to MPS, the current rampant trading of personal data won’t be settled amid the lack of regulations on sanctions. The existence of the law on personal data protection is necessary which will help protect personal data.
