![]() |
At a counter of Vietcombank's branch in Hanoi__Photo: VNA |
In order to safeguard human rights and privacy, and to prevent personal data violations that may infringe upon the rights and interests of organizations and individuals, the Ministry of Public Security has unveiled a draft decree guiding the Law on Protection of Private Data to collect opinions from agencies, organizations and individuals.
The draft applies to Vietnamese entities and individuals, Vietnam-based foreign entities and individuals, and foreign entities directly engaged in or related to the processing of personal data of Vietnamese citizens and stateless persons of Vietnamese origin residing in Vietnam and holding identity certificates.
Under the draft, organizations and individuals operating in the f finance and banking sectors and providing credit information services would have to protect personal data in compliance with international data protection standards and Vietnam’s personal data protection standards and cybersecurity regulations. They would also be required to conduct annual assessment of compliance of personal data protection regulations and keep records of personal data processing activities.
Personal data controllers and controllers-cum-processors must obtain the data owners’ consent through providing clear explanations about purposes for which personal data would be processed. Such purposes might include credit scoring, credit rating, assessment of credit information and creditworthiness. They must also disclose personal data sources, entities involved in the data collection and sharing, and data storage duration.
Within 72 hours after the unpermitted disclosure or loss of banking accounts, financial information and credit data is detected, organizations and individuals storing or processing such data would be required to notify data owners thereof.
The draft further clarifies that basic personal data refer to information reflecting common identity and background elements regularly used in transactions and social relations, which does not fall in the category of sensitive personal data. Sensitive personal data, by contrast, are defined as information associated with an individual’s privacy, the breach of which may directly affect lawful rights and interests of entities and individuals. Such data require restricted access authorization, strict processing procedures, and the application of enhanced security measures.- (VLLF)