Ministry warns about complicated personal data trading

August 16, 2023 | 05:28 am GMT+7

The Authority of Information Security (DIS) under the Ministry of Information and Communications has warned that the buying and selling of personal data has become increasingly common and complicated with a new risk of retailing individual data.


Đỗ Hải Anh, Deputy Head of the DIS’ Planning and Development Office stated that previously, data trading activities were typically conducted within closed social media groups, but a new approach has surfaced involving the use of chatbots and transactions through channels and accounts on Telegram, retailing individual personal data.

"This indicates that the buying and selling of personal data has become very prevalent, carrying new risks," she said.

Hải Anh said Government agencies or large corporations with extensive and particularly sensitive datasets were among the most susceptible to data breaches, followed by vulnerable user groups, such as the elderly, children, or those with limited knowledge about information security.

Based on the evidence of leaks, theft, and personal data trade, the capability to safeguard information for citizens, businesses, and domestic agencies remained weak.

Additionally, the current workforce in the field of information security did not meet actual demands. Statistics from DIS showed that there were approximately 3,600 personnel working in information security nationwide, meeting only 10 per cent of the actual demand.

Awareness of personal information protection remained low, she said. Information providers were careless, supplying data indiscriminately, especially on social media. Organisations and businesses collected vast amounts of data without proper protection, engaged in unauthorised sharing with third parties, leaking information through data management staff, engaging in online fraud to gather personal information. Information systems collecting, processing, and storing user personal data lacked security and cyber protection, making them vulnerable to attacks.

To prevent these situations, DIS suggested that management agencies need to strengthen the protection of personal data; implement managerial and technical measures to safeguard personal data; provide guidance on protecting personal data and ensure cybersecurity for information systems containing personal data.

Additionally, DIS would conduct inspections and audits in areas under the management of the Ministry of Information and Communications, focusing on units that collected and processed large quantities of personal information, such as social media, telecommunications companies, postal services, and multiple-user platforms.

It would collaborate with relevant units to continue monitoring and reviewing the situation of data leaks, personal information trading by agencies and organisations in Việt Nam, issuing warnings, and providing timely support for processing. It would also carry out extensive awareness campaigns among the population to educate them about the importance of protecting personal information and using tools for data privacy.

Furthermore, DIS would promote the deployment of the Network Trust Ecosystem at the website: to evaluate and confirm websites ensuring cybersecurity, including the protection of personal data.