According to the proposal of the Ministry of Public Security in the draft Decree on personal data protection, the penalty for violating the regulations on registration of sensitive personal data is from 80 to 100 million VND.
Decree is important in implementing e-Government
As one of the important decrees creating a legal corridor for e-Government implementation towards digital government in Vietnam, the Decree regulating personal data protection is assigned by the Government to the Ministry of Public Security to preside over, coordinate with relevant ministries, agencies and localities in research and construction. The deadline for the Ministry of Public Security to submit a draft Decree to the Government is in the first quarter of 2021.
|The draft Decree on personal data protection is one of the important decrees creating a legal corridor for e-Government implementation (Artwork).|
Currently, the Ministry of Public Security has completed the draft Decree on personal data protection. The draft Decree is being posted on the Government Portal and the Ministry of Public Security for comments from domestic and foreign individuals, organizations and enterprises.
Including 6 chapters with a total of 30 articles, this draft Decree provides for personal data, personal data processing, personal data protection measures, Personal data protection committee, microprocessor violation of personal data, responsibility for personal data protection of relevant agencies, organizations and individuals.
According to the draft Decree, personal data is data about individuals or related to the identification or possible identification of a particular individual. Personal data is classified into two categories, namely basic personal data and sensitive personal data.
In which, basic personal data includes: surname, middle name and birth name, alias (if any); date of birth; date of death or missing; blood type, sex; Place of birth, place of birth registration, permanent residence, current residence, hometown, contact address, email address; academic level; nation; nationality; phone number; ID card number, passport number, citizen identification number, driver’s license number, license plate number, personal tax code number, social insurance number …
Sensitive personal data includes personal data about political or religious opinions; about health status; genetics; on gender status; about life, sexual orientation; Financial; about social relationships …
Personal data protection means the prevention, detection, prevention and handling of acts of violating the provisions of the law on personal data.
The protection of personal data, as proposed by the Ministry of Public Security in the draft Decree, must ensure eight principles: legality, purpose, minimalism, limited use, data quality, security, personal, confidential.
In addition to specific regulations on data processing, the Data Protection Commission, the draft Decree on personal data protection also details measures to protect personal data.
Accordingly, the personal data processor must apply managerial, technical and physical measures to protect personal data to ensure the security, integrity and availability of personal data; de-identification and encryption; store, copy, extract and protect the personal data processing Party’s personal data processing history.
When processing personal data, the personal data processor must take steps to: prevent unauthorized access to the equipment used to process personal data; prevent unauthorized reading, copying, altering or deleting personal data; statistics on the time, subjects and personal data recorded, changed or deleted or accessed …
Proposing administrative penalties for violations of personal data processing
Notably, for the handling of violations of personal data protection regulations, the draft Decree stipulates that agencies and organizations violate the personal data protection regulations depending on the extent they may be impose administrative penalties or criminal penalties, and impose additional penalties in accordance with law.
The handling of violations of personal data protection regulations is applied to all domestic and foreign organizations, enterprises and individuals doing business in Vietnam. In addition to the specified penalty, the case of the personal data processor violating many times, with great consequences, can be fined up to 5% of the total revenue of the personal data processor in Vietnam.
Specifically, in Article 22 of the draft Decree, the Ministry of Public Security proposes the levels of administrative sanctions for violations of regulations on handling personal data.
In particular, a fine of between VND 50 million and VND 80 million is proposed for one of the following acts: violating the regulations on data subjects’ rights related to the processing of personal data; violates the regulations on personal data disclosure; violating regulations on restricting the right to access personal data; violating the regulations on the data subject’s consent to personal data; violating regulations on processing personal data in the absence of the data subject’s consent; violating regulations on automatic personal data processing; violating regulations on processing personal data of children …
A fine ranging from VND 80 million to VND 100 million is proposed for one of the following acts: not applying technical measures and building regulations on personal data protection; violating the regulations on registering sensitive personal data; violating regulations on cross-border personal data transfer. The Ministry of Public Security also proposes to apply this penalty to organizations, enterprises and individuals that commit the second violation with the acts specified in Clause 1, Article 22.
The draft Decree also stipulates a fine of up to 5% of the total revenue of the personal data breach handler in Vietnam for the following acts: the 3rd violation for the acts specified in Clause 1 Article 22; 2nd violation for acts specified at Points a, b, c, Clause 2, Article 22.
Vietnamese Internet users still publish many sensitive personal information
According to representatives of the Department of Cyber Security and High-Tech Crime Prevention (Ministry of Public Security), many sensitive personal information is posted publicly by users, facilitating automatic secret programs. collect information.