COMMERCIAL INFORMATION MAY NOT BE SENT TO ELECTRONIC ADDRESSES OF RECIPIENTS WHEN THE LATTER HAS NOT YET CONSENTED
Commercial information may not be sent to electronic addresses (means an address used to send and receive information in cyberspace, including email address, telephone number, internet address and other similar forms) of recipients when the latter has not yet consented or has refused to receive, unless the recipients are obliged to receive information under law.
This is one of the important content prescribed at the Law on Cyberinformation Security No. 86/2015/QH13 passed by the National Assembly on November 19, 2015, takes effect on July 01, 2016 on protecting personal information in cyberspace, the Law prescribes that Individuals shall themselves protect their personal information and comply with the law on provision of personal information when using services in cyberspace; Organizations and individuals that process personal information shall collect personal information only after obtaining the consent of its owners regarding the scope and purpose of collection and use of such information. At the same time, state management agencies shall establish online information channels for receiving petitions and reports from the public which are related to security assurance for personal information in cyberspace and annually inspect and examine personal information-processing organizations and individuals; to conduct extraordinary inspection and examination when necessary.
Another important contents is 06 prohibited acts on protecting personal information such as blocking the transmission of information in cyberspace, or illegally intervening, accessing, harming, deleting, altering, copying or falsifying information in cyberspace; Illegally affecting or obstructing the normal operation of information systems or the users’ accessibility to information systems; Illegally attacking, or nullifying cyberinformation security protection measures of, information systems; attacking, seizing the right to control, or sabotaging, information systems; preading spams or malware or establishing fake and deceitful information systems; Illegally collecting, utilizing, spreading or trading in personal information of others; abusing weaknesses of information systems to collect or exploit personal information; hacking cryptographic secrets and lawfully enciphered information of agencies, organizations or individuals; disclosing information on civil cryptographic products or information on clients that lawfully use civil cryptographic products; using or trading in civil cryptographic products of unclear origin.
