Experts recommend risk-based data governance to strengthen legal protection

In the first quarter of 2026, more than 6.9 million accounts were exposed, double the figure recorded in the same period last years. Stolen personal data has frequently been exploited in sophisticated online scams, particularly impersonation schemes targeting victims through fake relatives or acquaintances.

As cross-border e-commerce, digital business and new-generation free trade agreements (FTAs) accelerate cross-border data flows, experts have called on Vietnam to strengthen its legal framework to better protect personal and corporate data while supporting the country's digital economy.

They recommended shifting from a traditional administrative approach to a risk-based, internationally compatible data governance model capable of addressing emerging legal challenges in the digital era.

High risk of data leakage

The rapid expansion of cross-border trade, finance and digital services has heightened risks ranging from data breaches and online fraud to cyberattacks, privacy violations and other complex legal challenges, according to Dr. Tran Anh Tuan from the Department of International Law and settlement of investment disputes under the Ministry of Justice.

He noted that international payment systems are particularly vulnerable to fraud, identity spoofing, malware attacks, account takeovers, ransomware, and leaks of personal and financial data.

Lawyer Phan Hoai Nam, General Director of W&A Consulting and an arbitrator at the Vietnam International Arbitration Centre (VIAC), said personal data has become a core component of digital payment ecosystems. A single transaction may involve multiple layers of information, including personal identification, sensitive financial data, technical data and behavioural records, which together create comprehensive digital profiles of users.

Because payment data is directly linked to financial assets, any breach can quickly lead to identity theft or financial fraud, he said.

Experts also warned that although many digital services involve cross-border data transfers, users are often unaware that their personal information may be stored and processed in multiple countries when using foreign social media platforms, search engines, e-commerce marketplaces or cloud computing services. This has increased concerns over data misuse, data monopolies and the growing imbalance of power between individuals and major technology platforms.

Experts recommend risk-based data governance to strengthen legal protection
The illicit disclosure, sale and use of personal data have become increasingly widespread in Vietnam, posing serious threats to the legitimate rights and interests of individuals and organisations, as well as to national security in the digital environment.

In the first quarter of 2026, more than 6.9 million accounts were exposed, double the figure recorded in the same period last years. Stolen personal data has frequently been exploited in sophisticated online scams, particularly impersonation schemes targeting victims through fake relatives or acquaintances.

According to the Ministry of Public Security's Department of Cybersecurity and High-Tech Crime Prevention (A05), more than 30 types of cybercrime have been identified, with online fraudsters often collecting victims' personal data before carrying out financial scams.

Against this backdrop, experts stressed the urgent need to strengthen legal protection for Vietnamese individuals and organisations engaged in cross-border digital transactions.

Developing risk-based governance framework

The Politburo's Resolution 66-NQ/TW on reforming lawmaking and law enforcement calls for the legal framework to be updated in line with the digital environment, promoting innovation while ensuring data security, cybersecurity and national interests. It provides an important political foundation for shifting Vietnam's data management model from a purely administrative approach to one based on risk management, accountability and technological oversight.

Deputy Minister of Justice Nguyen Thanh Tu said data has become a strategic resource that will shape national competitiveness and future development, therefore Vietnam needs a governance mechanism capable of controlling risks and preventing data abuse while fully leveraging technological advances to improve productivity, product quality and the competitiveness of Vietnamese businesses.

Dr. Ha Cong Anh Bao from the Foreign Trade University, said cross-border digital commerce poses particular legal challenges because transaction data is often stored across multiple jurisdictions beyond the direct control of Vietnamese enterprises.

He recommended further improving regulations on data retention, intermediary responsibilities, electronic evidence preservation and the use of digital evidence in resolving cross-border disputes.

According to Lawyer Nguyen Trong Hieu from Asia Legal LLC, although the 2025 Law on Personal Data Protection marked significant progress in Vietnam's legislative approach, it has yet to establish comprehensive liability mechanisms for joint data controllers in cross-border transactions or clearly define responsibility-sharing arrangements. Jurisdiction over cross-border digital platforms also remains limited.

Vietnam's legal system faces the difficult task of balancing three major objectives - protecting personal data rights, safeguarding national digital sovereignty and security, and promoting the digital economy, Hieu said.

He suggested that future reforms should adopt a human rights-based approach to personal data protection rather than focusing primarily on cybersecurity and information management. Vietnam should also accelerate the shift towards risk-based data governance while establishing more flexible mechanisms to regulate cross-border data flows.

- (VNA/VLLF)

1900 6192 để được giải đáp qua tổng đài
090 222 9061 để sử dụng dịch vụ Luật sư tư vấn (CÓ PHÍ)
Đánh giá bài viết:
Bài viết đã giải quyết được vấn đề của bạn chưa?
Rồi Chưa

Tin cùng chuyên mục