The social insurance industry in general is closely and deeply related to users' personal data in today's technology era, ensuring data security is not only a big challenge but also a top priority, especially in an important field such as social insurance. Insurance industry data not only contains sensitive personal information of people but is also an important foundation for organizing, managing and providing insurance services effectively.



I. Legal bases

- Law on Cyberinformation Security 2015

- Cybersecurity Law 2019

- Decree No. 13/2023/ND-CP

- Dispatch No. 2916/BCA-A05 dated August 22nd, 2023

II. Ensuring data security in the social insurance industry

1. What is ensuring the safety of the social insurance industry?

According to Clause 1 Article 3 of the Law on Social Insurance 2014, social insurance is a guarantee to replace or compensate a part of an employee's income when they are reduced or lost due to illness, maternity, labor accident, occupational disease, end of working age or death, on the basis of contributions to the social insurance fund. Currently, there are 2 types of social insurance: compulsory social insurance and voluntary social insurance.

Usually, an individual's social insurance book will include basic information and data such as name, date of birth, occupation, citizenship identity and some sensitive information such as religion, status of that individual. Therefore, ensuring the security of this information and data is very important because if they let this information fall into the wrong hands, they can take advantage of this information for profit and fraud.


2. Measures to ensure the safety of the social insurance industry

2.1. Measures to ensure safety for agencies, organizations and administration of social insurance

­      - First, units need to thoroughly comply with laws related to information and user data security. Agencies should organize the implementation and strictly implement regulations on personal data protection, prohibited acts in Article 7 of the Law on Cyberinformation Security, Article 8 of the Law on Cybersecurity, Article 9 of the Regulation on management, exploitation and use of information from the centralized database of the social insurance industry (Decision No. 2366/QD-BHXH dated 28/11/2018); Article 12 of the Regulation on ensuring information security in information technology application of the social insurance industry (Decision No. 967/QD-BHXH dated 20/06/2017), focuses on disseminating and thoroughly understanding to all civil servants-public employees about rights and obligations as prescribed by law.

­      - Second, assign written tasks to civil servants-public employees to exploit and process personal data. Verify and clarify cases of account password disclosure, account lending, improper use of accounts to access and exploit personal data at the unit and report to Vietnam Social Security

­     - Finally, in the process of building the electronic system of the social insurance industry, the system builder needs to build a system that can encrypt data and have a firewall to protect it, in addition, it is necessary to regularly check the system to detect errors and thereby take appropriate measures

2.2. Measures for individuals and organizations using social insurance

­              Similar to the agencies, organizations and managers of the social insurance industry, individuals and organizations that are users of social insurance also need to strictly comply with the provisions of law related to data privacy. Individuals and organizations do this first to protect their legitimate rights and interests, then to coordinate with agencies.


For more information, please contact:

Hoang Pham (James) / Managing Partner at: hoang.pham@vselawyers.com


Attention: This legal update is not an advice and should not be treated as such.

Subscribe To Legal Advice from VSE Lawyers

If you would like to have any legal questions, please contact us for our advice

0938 683 594