ENSURING DATA SECURITY IN THE SOCIAL INSURANCE INDUSTRY

I. Legal bases

- Law on Cyberinformation Security 2015

- Cybersecurity Law 2019

- Decree No. 13/2023/ND-CP

- Dispatch No. 2916/BCA-A05 dated August 22^nd, 2023

II. Ensuring data security in the social insurance industry

1. What is ensuring the safety of the social insurance industry?

According to Clause 1 Article 3 of the Law on Social Insurance 2014, social insurance is a guarantee to replace or compensate a part of an employee's income when they are reduced or lost due to illness, maternity, labor accident, occupational disease, end of working age or death, on the basis of contributions to the social insurance fund. Currently, there are 2 types of social insurance: compulsory social insurance and voluntary social insurance.

Usually, an individual's social insurance book will include basic information and data such as name, date of birth, occupation, citizenship identity and some sensitive information such as religion, status of that individual. Therefore, ensuring the security of this information and data is very important because if they let this information fall into the wrong hands, they can take advantage of this information for profit and fraud.

2. Measures to ensure the safety of the social insurance industry

2.1. Measures to ensure safety for agencies, organizations and administration of social insurance

­      - First, units need to thoroughly comply with laws related to information and user data security. Agencies should organize the implementation and strictly implement regulations on personal data protection, prohibited acts in Article 7 of the Law on Cyberinformation Security, Article 8 of the Law on Cybersecurity, Article 9 of the Regulation on management, exploitation and use of information from the centralized database of the social insurance industry (Decision No. 2366/QD-BHXH dated 28/11/2018); Article 12 of the Regulation on ensuring information security in information technology application of the social insurance industry (Decision No. 967/QD-BHXH dated 20/06/2017), focuses on disseminating and thoroughly understanding to all civil servants-public employees about rights and obligations as prescribed by law.

­      - Second, assign written tasks to civil servants-public employees to exploit and process personal data. Verify and clarify cases of account password disclosure, account lending, improper use of accounts to access and exploit personal data at the unit and report to Vietnam Social Security

­     - Finally, in the process of building the electronic system of the social insurance industry, the system builder needs to build a system that can encrypt data and have a firewall to protect it, in addition, it is necessary to regularly check the system to detect errors and thereby take appropriate measures

2.2. Measures for individuals and organizations using social insurance

­              Similar to the agencies, organizations and managers of the social insurance industry, individuals and organizations that are users of social insurance also need to strictly comply with the provisions of law related to data privacy. Individuals and organizations do this first to protect their legitimate rights and interests, then to coordinate with agencies.

----------

For more information, please contact:

Hoang Pham (James) / Managing Partner at: hoang.pham@vselawyers.com

© 2023 VSE LAWYERS LIMITED LIABILITY LAW COMPANY – All rights reserved.

Attention: This legal update is not an advice and should not be treated as such.