Draft decree classifies financial, credit information as sensitive data

mask

Friday 10/03/2025 - 12:30

Organizations and individuals operating in the finance and banking sectors and providing credit information services would take responsibility for protecting personal data in conformity with international standards and domestic regulations on personal data protection and cybersecurity.

At a counter of Vietcombank's branch in Hanoi__Photo: VNA

In order to safeguard human rights and privacy, and to prevent personal data violations that may infringe upon the rights and interests of organizations and individuals, the Ministry of Public Security has unveiled a draft decree guiding the Law on Protection of Private Data to collect opinions from agencies, organizations and individuals.

The draft applies to Vietnamese entities and individuals, Vietnam-based foreign entities and individuals, and foreign entities directly engaged in or related to the processing of personal data of Vietnamese citizens and stateless persons of Vietnamese origin residing in Vietnam and holding identity certificates.

Under the draft, organizations and individuals operating in the f finance and banking sectors and providing credit information services would have to protect personal data in compliance with international data protection standards and Vietnam’s personal data protection standards and cybersecurity regulations. They would also be required to conduct annual assessment of compliance of personal data protection regulations and keep records of personal data processing activities.

Personal data controllers and controllers-cum-processors must obtain the data owners’ consent through providing clear explanations about purposes for which personal data would be processed. Such purposes might include credit scoring, credit rating, assessment of credit information and creditworthiness. They must also disclose personal data sources, entities involved in the data collection and sharing, and data storage duration.

Within 72 hours after the unpermitted disclosure or loss of banking accounts, financial information and credit data is detected, organizations and individuals storing or processing such data would be required to notify data owners thereof.

The draft further clarifies that basic personal data refer to information reflecting common identity and background elements regularly used in transactions and social relations, which does not fall in the category of sensitive personal data. Sensitive personal data, by contrast, are defined as information associated with an individual’s privacy, the breach of which may directly affect lawful rights and interests of entities and individuals. Such data require restricted access authorization, strict processing procedures, and the application of enhanced security measures.- (VLLF)

Vietnamlawmagazine

See also

Draft circular seeks to increase access to legal aid in proceedings

Govt. urges completion of financial support mechanisms for citizens and businesses in green transport transition

Ministry proposes fast-track procedures for investment policy approval

Centralized digital technology parks to be formed for digital technology industry development

SBV’s draft circular seeks to boost cash flow transparency at International Financial Center

Draft Construction Law shortens construction permission consideration time

Ministry proposes new regulations on urban classification aligned with two-tier local administration model

Government drafts special mechanism to ease bottlenecks in mineral exploitation

Draft unveils two electricity pricing options for electric vehicle charging

International tax administration rules proposed