The Authority of Information Security (AIS) under Vietnam's Ministry of Information and Communications (MIC) has asked organizations and businesses to take drastic measures to protect personal information.
The move comes in the wake of numerous recent security breaches that have resulted in property loss, damage to the reputation of organizations and businesses, and harm to the national information security in the country having 79% of population using the Internet.
Given rising cyber attacks, especially ransomware, the AIS advised that corrective action must be taken whenever a vulnerability is identified, especially for information systems that store and process personal information and personal data.
VNPT's Data Center System at Hoa Lac Hi-Tech Park. Photos: VNPT |
At a recent workshop on "Developing a Personal Data Protection Policy" organized by the Ministry of Public Security (MPS), one of the topics discussed was how organizations and companies protect personal data.
Do Ngoc Thien, Chief Technology Officer of Kalapa Data Technology and Machine Learning Company, said his company is coordinating with banks and credit institutions to detect and prevent fraud through electronic Know Your Customer (eKYC).
Kalapa's eKYC technology applies big data analysis (Bigdata) to track and analyze millions of transactions in real time, detecting fraud patterns; applying artificial intelligence (AI) and machine learning to detect complex fraud patterns that are difficult for humans to recognize. Besides, biometric methods such as fingerprints, facial recognition, voice recognition are used to authenticate users.
Another solution developed by Vietnam Data Security Joint Stock Company (VNDS) is the Personal Data Protection Compliance Platform (DataTrust), which helps businesses to prove compliance with personal data protection regulations, such as status reports, administrative procedure reports, rights of data subjects, and others, according to VNDS Technology Director Do Hung Thuan.
“Specifically, DataTrust provides a comprehensive set of tools, supporting full enforcement of data subjects' rights, ensuring maximum compliance for businesses such as status report, administrative procedure reports, rights of data subjects, and among others,” Thuan said.
Regarding the management agency, Tran Quang Hung, Deputy Director of the Department of Digital Economy under the MIC, said that the ministry will focus on four groups of solutions for managing user authentication and reviewing information in the cyberspace.
Management agencies require authentication of social network user accounts via phone numbers to limit cybercrime, facilitate authorities in monitoring, detecting and handling violations. Domestic and foreign organizations and individuals providing information on Vietnamese cyberspace comply and remove content that violates the law when requested.
Meanwhile, Lieutenant General Nguyen Minh Chinh, Director of the Department of Cyber Security and High-Tech Crime Prevention under the Ministry of Public Security, said that the ministry has oriented to build Vietnam's Personal Data Protection Law, improve personal data protection capacity for domestic organizations and individuals to approach international and regional levels; promote the legal use of personal data to serve socio-economic development.
Chinh emphasized that personal data protection is becoming an urgent issue and said that the draft law on personal data protection in Vietnam stipulates 11 rights and 5 obligations for data subjects.
"Protecting personal information is also protecting the property, privacy, freedom, and reputation of each individual and the community. It contributes to building a civilized, safe, and developed society," Chinh said.
Vietnam is one of the countries with the highest internet penetration. By the end of 2023, about 79% of people used the Internet. According to Viettel Cyber Security Company, data leakage, security holes, and ransomware attacks have increased rapidly recently. In the first quarter of 2024, the number of ransomware increased by 70% year-on-year.
The most advanced data center in Vietnam. |
The data of many organizations was stolen, leading to leaks and exposure of sensitive and important data to the outside. Encryption of the organization's virtual infrastructure also leads to disruption of the businesses’ production and activities. Service interruptions or attacks also cause partners and customers to lose trust and underestimate the ability of the providers.
However, Major Dao Duc Trieu, Head of the Research, Policy and Legal Advisory Department under the National Cyber Security Association said that awareness of personal data protection is still imbalanced. Many people are willing to trade private and personal information for technological convenience.
Another challenge is coordinating with third parties (partners) to protect personal information, as it is difficult to create an effective coordination mechanism between parties in the event of a personal information breach.
Referring to Vietnam's draft law on personal data protection, Phan Minh Quan of Ernst & Young Law Vietnam Limited Liability Company (EY Law Vietnam) wonders whether companies should coordinate with third parties (partners) to protect personal data.
"If so, are there internal agreements or commitments for transfer of personal data between the enterprise and its partners? I think building and updating the internal policy framework requires reviewing all internal policy documents related to personal data, including guidance documents for employees and labor regulations to ensure consistency," Quan told The Hanoi Times.
Vu Ngoc Son, Technical Director of the Vietnam National Cyber Security Technology Corporation (NCS), said that in fact organizations face obstacles in reporting and contacting third parties to collect relevant documents.
"If there are no specialized personnel, enterprises can contact cybersecurity companies for advice and implement measures suitable for them. The National Cyber Security Operations Center (NCSOC) for network security monitoring around the clock is an example. The expectation is to provide technical solutions for businesses and organizations, especially small- and medium-sized enterprises," Son said.