Law targets protecting personal information from cyber attack.
On the morning of November 19 the National Assembly voted to adopt the Law on Internet Information Security, to take effect from July 1, 2016.
Prohibited acts include collecting, using, distributing and illegally trading personal information of other persons or taking advantage of security flaws in information systems to collect personal information.
According to Ms. Vo Thi Trung Trinh, Deputy Diretor of the Ho Chi Minh City Department of Information and Communications, cyber attacks on information systems in the City have increased this year comparison to previous years and now pose a greater danger.
The source of attacks is mainly IP addresses located in China, Taiwan, the US, Russia, India, and even inside Vietnam. Due to common defense systems being unable to detect and handle Advanced Persistent Threats (APT), the City has implemented technical solutions and appointed specialists to take preventive measures.
Mr. Nguyen Huu Nguyen, Director of the Vietnam Computer Emergency Response Team (VNCERT), said that organizations experiencing an attack usually handle the situation quietly due to the fear of having their reputations affected and many refuse to support VNCERT’s inspections after such incidents. Problems are only addressed by authorities once they are already out of control, at which point the damage has been done.
To overcome problems relating to the shortage of skilled human resources, the government is deploying Prime Minister’s Program 99 to foster awareness and knowledge about cyber security.
According to Mr. Phan Xuan Dung, Chairman of the National Assembly’s Commission of Science, Technology and Environment, the scope of the new law only addresses technical issues in ensuring the transmission and security of information.
The National Assembly believes the law will contribute to improving the legal framework on information security and it will promote resource use for ensuring information safety and developing information security fields. It will also protect the rights and legitimate interests of organizations and individuals engaged in information security.