Law on Information Security focuses on addressing 7 groups of "pressing issues"

During the process of developing the draft contents, the Ministry of Information and Communications (MIC) has organized several seminars to gather feedback (in localities such as Hanoi, Ho Chi Minh City). The draft was also posted on the Government of Vietnam's electronic information portal and the Ministry's electronic information page for public feedback, in accordance with the requirements of the legal document promulgation process.

In December 2014, the project was approved by the Government of Vietnam to be submitted to the National Assembly. It is expected that the National Assembly will discuss this Law project during the May 2015 session and consider passing it during the October 2015 session. If approved by the National Assembly in 2015, this Law will officially be implemented from 2016.

The draft structure includes 9 chapters and 52 articles, focusing on resolving 7 main issues that currently lack legal regulations: cyberattacks, spam, malware, circulation of hardware and software with vulnerabilities, illegal sale of personal information, protection of national interests in cyberspace, human resource development, and market product development. However, the first 5 issues can reference international experiences and practices, while the last two issues need to consider Vietnam's specific factors, said Mr. Nguyen Huy Dung, Deputy Director of the Authority of Information Security (AIS) and a member of the Editorial Team.

As a comprehensive document addressing cybersecurity protection policies, the draft Law addresses many extremely important and "urgent" contents in the current context, such as Regulations on classifying the safety levels of information systems based on their importance, scale, and impact range when information security is breached to have appropriate management and protection measures; Enhancing the protection of personal information online; Gradually forming and developing the cybersecurity product and service market; and Strengthening the management, clearly delineating the functions and responsibilities of state management, and coordination between state management agencies in ensuring cybersecurity.

Especially, for the first time, the issue of personal information protection has been allocated an entire chapter in the draft law. Explaining this decision, the Editorial Board stated that after surveying the related laws of 30 countries and territories, and various Vietnamese laws and decrees, it was found that personal information protection is a relatively important part and indispensable in cybersecurity laws of nations. Vietnam's Electronic Transaction Law also addresses this issue. In recent years, the press has reported extensively on the buying and selling of personal information online, and there has been no law regulating the protection of personal information online. Therefore, the draft Cybersecurity Law aims to regulate behaviors of collecting, processing, and disseminating personal information online for business purposes.

According to the Authority of Information Security (MIC), the guiding principle of developing the Cybersecurity Law revolves around "active protection": both proactively protecting against attacks and implementing measures to limit cybersecurity risks early.

Proactive protection is reflected in the regulations on protecting information systems and responding to incidents when they occur, specifically: Information systems are classified according to their importance (national level, ministries, central authorities, and local authorities) and assigned corresponding responsibilities and protective measures. Such regulations also help clarify the rights and responsibilities of governing agencies, MIC, Defense Ministry, Public Security, and related parties in protecting critical information systems.

Information systems are also classified according to the total investment amount for IT application projects using state funds, with expected regulations to enhance the state management role of MIC in assessing information security from the design phase of the project, depending on the importance and total investment of the project. The governing organization of critical information systems must organize an incident response team, under the coordination and participation in the national incident response network organized and operated by MIC.

Measures to limit cybersecurity risks early are reflected in regulations on cleaning malware in the Vietnamese network environment, inspecting information security products before circulation in the market, and regulating business conditions for certain types of information security products and services....

Additionally, to create a complete legal framework for cybersecurity activities, the draft Law also introduces other regulations such as Human Resource Development, International Cooperation, and State Management of Cybersecurity.

Source: Vietnamnet.vn

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE