The act of buying and selling personal data of over 10,000 people should result in a fine of VND80-100 million (nearly US$3,500), according to a proposal by the Ministry of Public Security.
The act of buying and selling personal data of over 10,000 people should result in a fine of VND80-100 million (nearly US$3,500), according to a proposal by the Ministry of Public Security.
The Ministry of Public Security completed a draft decree on sanctioning administrative violations in the field of cybersecurity to collect comments from agencies, organisations and individuals.
Notably, in the draft decree, the Ministry of Public Security dedicated a section with 17 articles to stipulate penalties for violations in the protection of personal data.
The Ministry of Public Security said that information and data security have received attention, but no sanctions have been applied. Personal information data is used, stolen, disclosed, exchanged, sold for profit, or solicited from customers when using services.
Personal information of users of applications and services in cyberspace is being collected, exploited and used publicly by enterprises providing digital content, e-commerce, and foreign data storage applications.
"These are behaviours that need to be sanctioned to increase the effectiveness of the law, increase deterrence, and prevent crime," the Ministry of Public Security emphasised.
The fine will be double the above regulation for acts of disclosing or losing personal data after it has been transferred across the border, causing consequences to 100,000 data subjects who are Vietnamese citizens; and three times more with the act of disclosing and losing personal data after crossing the border, causing consequences for 1 million data subjects who are Vietnamese citizens.
Acts of disclosing or losing personal data after it has been transferred across the border, causing consequences on more than 1 million data subjects who are Vietnamese citizens, will be subject to a fine equal to 5 per cent of total revenue in Viet Nam.
In addition, the draft decree being consulted by the Ministry of Public Security also stipulates the form and penalties for violations of regulations on information security, cyber attack prevention, implementation of network security protection activities, and the prevention and control of acts of using cyberspace, information technology and electronic means to violate the law on social order and safety.
The full text of the draft decree on sanctioning of administrative violations in the field of cybersecurity has now been posted on the Government's portal at chinhphu.vn and the Ministry of Public Security's portal at mps.gov.vn for comments for two months starting from September 20. — VNS