Foreign firms shall be required to store users’ data in Vietnam and set up local offices, according to a government decree (No. 53/2022/ND-CP), scheduled to take place from the beginning of October 2022.
Under the decree, which details the implementation of the Cybersecurity Law coming into force in 2019, must-be-stored data belonging to and created by users in Vietnam includes account names, credit card information, email and IP addresses, service use time, most recent logins, registered phone numbers, and friends and groups users interact with online. Further, financial records, biometric data, and information on a user’s ethnicity and political views must be stored within Vietnamese territory.
According to a press release by the Ministry of Information and Communications (MIC), the data must be stored for at least 24 months, and system logs for criminal investigation purposes must be stored for at least 12 months. Firms will have 12 months to set up local data storage and local offices following the reception of instructions from the Minister of Public Security.
The decree will apply to telecommunication service providers and businesses that store and share data in cyberspace or provide national or international domain names for users in Vietnam. Also, e-commerce players, payment intermediaries, transport connection services operating in cyberspace, social media, online video gaming services, and messaging and voice or video call services.
In June, MIC stated that to ensure information security for information systems and Vietnam’s cyberspace, it would strengthen monitoring and proactive scanning, evaluate statistics, and issue warnings in the mass media so that users know and avoid the risk of cyber-attacks.
Earlier this month, the government issued a national cybersecurity strategy in response to cyberspace challenges till 2025 with a vision towards 2030. The strategy targets to maintain Vietnam’s ranking on the global cybersecurity index from 25th-30th by 2025. MIC has laid out the major tasks and solutions in the strategy, including strengthening the overall management of the state over cybersecurity, completing legal frameworks, and protecting national sovereignty in cyberspace.
As OpenGov Asia reported, the government will work to safeguard digital infrastructure, platforms, data, and national cyberinfrastructure. It will protect the information systems of state agencies as well as crucial sectors that need to be prioritised to ensure information security. Through the strategy, the country will foster digital trust and build an honest, civilized, and healthy network environment. It will prevent and combat law violations in cyberspace and enhance technological mastery and autonomy to actively cope with cyberspace challenges.
The government will train and develop human resources in cybersecurity, raise awareness about cybersecurity skills, and work to secure funding to implement cybersecurity initiatives. The strategy also aims to improve national prestige and foster international integration.
Meanwhile, incident response teams of 11 priority sectors for network information security will be formed. The key areas include transport, energy, natural resources and environment, information, health, finance, banking, defence, security, social order and safety, urban areas, and the government’s direction and administration.
According to a report released by the ITU in June 2021, Vietnam jumped 25 places after two years to rank 25th out of 194 countries and territories worldwide in the GCI in 2020. Vietnam ranked 7th in the Asia-Pacific region and 4th among ASEAN countries in the field.