With Vietnam rapidly advancing its digital transformation, the safeguarding of personal data has emerged as a significant national challenge.
The ongoing digital transformation, coupled with economic modernization and the emergence of a digital society, is fundamentally altering Vietnam’s future trajectory. Central to this shift is personal data, a vital asset fueling innovations such as big data analytics, artificial intelligence, cloud computing, blockchain technology, and the metaverse. However, this swift tech adoption has unveiled critical vulnerabilities in data security.
Recent reports by Viettel Cyber Security highlight a troubling trend: ten major data breaches have recently occurred in Vietnam. These breaches encompass a range of incidents, including the theft of 300GB of a tech company’s source code and customer data, as well as the exposure of 500MB in leaked databases from prominent universities. Additional breaches have involved the loss of 3.5 million media and retail records and the compromise of an energy sector database that contained sensitive system codes and customer information. In total, these breaches have resulted in the exposure of over 15GB of source code and nearly 4 million personal records.
In response to these critical incidents, Vietnamese authorities have acted swiftly to address security flaws and have issued public alerts regarding the risks associated with sharing personal information online. Citizens and businesses are now encouraged to exercise caution when transmitting sensitive data, particularly phone numbers and banking details.
Data leaks often involve comprehensive personal profiles, including names, birthdates, national ID numbers, addresses, phone numbers, bank account details, familial connections, job titles, and workplace information. These security incidents highlight an urgent need for stronger personal data protection policies in Vietnam’s digital landscape.
To tackle these issues, the National Assembly has passed the Law on Personal Data Protection, which is set to come into effect on January 1, 2026. As the implementation date approaches, there are pressing requirements for organizations to adhere strictly to the legislation. This includes clear definitions of data usage purposes, verification of data sources to ensure their accuracy, and limitations on data retention periods. Furthermore, mechanisms must be established to enable individuals to withdraw consent and mandate the deletion of personal data in cases of regulatory violations.
While the forthcoming law will introduce universal guidelines, specific regulations for handling personal and sensitive data will be crucial. The clearer these regulations are, the more effective their implementation will be in safeguarding the rights and interests of individuals and organizations affected by data breaches in the context of legal and social issues.
By Do Trung – Translated by Anh Quan
