VNExpress-Aug 18

A decree that requires international firms with services in Vietnam to store users’ data within Vietnamese territory and set up local offices is expected to take effect on October 1. The decree, announced earlier this week, adds certain terms to Vietnam’s existing Cybersecurity Law. It requires that data belonging to and created by users in Vietnam, including account names, credit card info, email and IP addresses, service use time, most recent logins and registered phone numbers, must be stored within Vietnam. Data about users’ relationships, including friends and groups that users interact with online, also need to be stored domestically, according to Thu Vien Phap Luat, a website that stores legal documents in Vietnam. International firms doing business in Vietnam, which provide telecommunication services, store and share online data and perform Internet transactions, among others, would be required to store data regarding users in Vietnam within the country’s territory and set up local offices, the decree states. The data must be stored for at least 24 months, and system logs for criminal investigation purposes must be stored for at least 12 months. Firms must complete data storage requirements and set up local offices within 12 months of being asked to do so by the Ministry of Public Security. Vietnam’s Cybersecurity Law, which went into effect in 2019, bans Internet users from organizing, encouraging or training other people for anti-state purposes. They are not allowed to distort history, negate the nation’s revolutionary achievements, undermine national solidarity, offend religions and discriminate on the basis of gender and race. Read more at: https://e.vnexpress.net/news/news/vietnam-requires-international-firms-to-store-users-data-set-up-offices-within-territory-4501256.html