New Law on Cyber Security

04:10, 26/10/2018

Adopted last June, the Law on Cyber Security (the Law) aims to meet the need to protect the national security and ensure social order and safety in cyberspace.

 

Adopted last June, the Law on Cyber Security (the Law) aims to meet the need to protect the national security and ensure social order and safety in cyberspace.

Cyber security experts of the Public Security force__Photo: Internet
Cyber security experts of the Public Security force__Photo: Internet

 The 43-article Law contains specific provisions on cyber security protection for information systems of national security importance; prevention and handling of acts of infringing upon cyber security; cyber security protection activities; and responsibilities of related agencies, organizations and individuals.


The Law devote a separate chapter to providing for cyber security protection for information systems of national security importance. Accordingly, this work must closely combine with socio-economic development, guarantee of human rights and citizens’ rights, and facilitation of operations of agencies, organizations and individuals in cyberspace.

The Law also requires competent agencies to proactively prevent, detect, stop, fight and spoil any activities of using cyberspace to infringe upon national security, social order and safety, or lawful rights and interests of agencies, organizations and individuals; and stay ready to avert cyber security threats.

Cyber security protection measures

A dozen of cyber security protection measures are introduced in Article 5 of the Law, including:
  • Conducting cyber security appraisal;
  • Assessing cyber security conditions;
  • Conducting cyber security inspection and supervision;
  • Responding to and remedying cyber security incidents;
  • Taking actions to protect cyber security;
  • Using cryptography to protect cyber information;
  • Blocking, or requesting the suspension or termination of, provision of online information; terminating or suspending the establishment, supply and use of  telecommunications networks or the Internet, production and use of radio transmitters and receivers;
  • Requesting the removal of, or logging in to remove, unlawful or false information in cyberspace which infringes upon national security, social order and safety, or lawful rights and interests of agencies, organizations and individuals;
  • Collecting electronic data relating to activities in cyberspace which infringe upon national security, social order and safety, or lawful rights and interests of agencies, organizations and individuals;
  • Blocking or restricting operation of information systems; terminating, suspending, or requesting the cessation of, operation of information systems or revocation of domain names;
  • Initiating criminal cases, carrying out investigation, prosecution and trial activities in accordance with the Criminal Procedure Code; and,
  • Other measures prescribed by the law on national security and law on handling of administrative violations.

Responsibilities of service providers

Domestic and foreign enterprises providing services on the telecommunications networks or the Internet or providing value-added services in cyberspace in Vietnam must verify information when users register digital accounts and keep user information and accounts confidential. Additionally, they have to provide user information to the Ministry of Public Security’s professional cyber security protection force when receiving the latter’s written requests to serve the investigation and handling of violations of the law on cyber security. Particularly, foreign enterprises must establish their branches or representative offices in Vietnam.

The Law also requires service providers, in coordination with related agencies, to process information in cyberspace having contents opposing the Vietnamese State; instigating riots or disrupting security or public order; humiliating or slandering; or infringing upon economic management order.

In addition, service providers must block the sharing of, or remove fabricated or false information in cyberspace causing public anxiety, damaging socio-economic activities, obstructing activities of state agencies or persons on duty, or infringing upon lawful rights and interests of agencies, organizations or individuals, on the service platforms or information systems under their management within 24 hours after receiving a request from a competent agency under the Ministry of Public Security or  Ministry of Information and Communications.

They must also keep a system log for a period prescribed by the Government to serve investigation and handling of violations of the law on cyber security.

Service providers have to refrain from providing or stop providing services on telecommunications networks or the Internet or value-added services to organizations and individuals that publish in cyberspace the above-mentioned information when so requested by a competent agency.

Noticeably, in case service providers collect, exploit, analyze or process personal information or data on relationships of service users and data created by service users in Vietnam, they must store these data in the country for a period prescribed by the Government.

International cooperation in cyber security

Under the Law, international cooperation in cyber security will be implemented on the basis of respect for independence, sovereignty, and territorial integrity, non-intervention into internal affairs, equality, and mutual benefit.

Activities of international cooperation include: research and analysis of cyber security trends; creation of mechanisms and policies to boost cooperation between Vietnamese organizations and individuals and foreign organizations and individuals as well as international organizations engaged in cyber security; sharing of information and experiences; assistance in training, equipment and technology in cyber security protection; prevention of and fighting against cybercrime and infringements upon cyber security; averting cyber security threats; provision of counseling on, training and developing human resources for cyber security; organization of international conferences, seminars and forums on cyber security; entry into, and implementation of, treaties and international agreements on cyber security; implementation of, international cooperation programs and projects on cyber security; and other activities of international cooperation in cyber security.

The Law will come into force on January 1 next year.

(Source:VLLF)