Protecting Personal Data: Knowledge, Proactivity, and Consciousness

As Decree 13 concerning the protection of personal data rights will officially take effect on July 1, 2023, Oxfam collaborated with the social enterprise Dear Our Community to organize a community campaign called "Keep Safe in the Net." The campaign aims to enhance the awareness of young people regarding the significance of personal data protection and network security. Simultaneously, it endeavors to encourage businesses and social organizations to actively participate in safeguarding the personal data of their customers and partners.

As part of the campaign, the conference on "Protecting Privacy & Customer Data" was held on June 8, attracting the participation of prominent corporations such as KPMG, HSBC, and GeoComply. During the conference, experts provided valuable advice to Vietnamese businesses and organizations, particularly small and medium enterprises that may lack strength in data security.

According to Ms. Amarjit Kaur, Legal Director at KPMG Vietnam, data security is a long-term commitment, as legal regulations will continue to be updated and augmented. It is also challenging to achieve a perfect security method. Therefore, it is crucial for businesses and organizations to actively develop a comprehensive strategy for securing customer information, regularly review data collection and processing activities, and employ AI to aid in information authentication, data scanning, and the detection of suspicious behavior. These efforts will enhance the reputation of businesses and organizations, mitigate legal issues, and contribute to establishing a more robust, transparent, and sustainable data protection environment in Vietnam.

Furthermore, on June 10, as part of the "Keep Safe in the Net: Protecting Personal Data in the AI-Driven World" forum held at the University of Natural Sciences, Vietnam National University in Ho Chi Minh City, a substantial number of participants were informed about their rights to protect personal data under Decree 13. These rights include the consent to the use of personal information by others, the right to withdraw consent at any time, and the right to request data deletion or restriction.

Experts consistently emphasized the importance of safeguarding personal information, encompassing both basic details (such as full name, date of birth, and contact information) and sensitive information (including health status, travel itineraries, and financial data), as this data serves as the foundation for identifying individuals.

According to expert Ngo Minh Hieu (Hieu PC), the disclosure of such information can lead to various common risks, such as harassment through spam messages or calls, and more severe threats like fraud or scams. Experts also offer the following tips for protecting personal data:

1. Limit the online sharing of personal information, particularly details related to finances, schedules, and health.
2. Actively seek, consult, and verify information on websites.
3. Exercise caution when encountering online temptations, as nothing is truly free.
4. Immediately report any scams to ensure personal and community safety, rather than just blocking or deleting them.

Experts have recommended the following useful tools:

1. Report signs of fraud to the National Cyber Security Monitoring Center at NCSC.gov.vn  
2. Verify the website information of verified businesses and organizations at Tinnhiemmang.vn 
3. Determine if your personal information has ever been leaked, and access data protection guidelines at Haveibeenpwned.com 
4. Test your knowledge of fraud prevention at Dauhieuluadao.com 
5. Report spam messages and calls at Chongthurac.vn
6. Using an application that warns against dangerous, phishing, malware-infected, or fake websites with infringing content at Chongluadao.vn

About Decree 13

On April 17, 2023, the Government issued Decree No. 13/2023/ND-CP on the protection of personal data (“Decree 13”). Decree 13 will take effect from July 1, 2023. Decree 13 is the third legal document issued in the Government's plan to strengthen the legal framework regulating activities in cyberspace. Decree 13 provides more details on data protection and cybersecurity obligations for personal data processing activities.

Decree 13 applies to all domestic or foreign organizations and individuals that are involved in the processing of personal data in Vietnam (e.g. employees, customers, suppliers, users or individuals), even if the processing of personal data is done outside of Vietnam. While having similar requirements to the EU General Data Protection Regulation (“GDPR”), Decree 13 has some significant differences, such as compliance requirements for the transfer of personal data abroad and require the company or organization to submit an assessment of the impact of personal data processing within 60 days of the data being transferred abroad.