Introduction
Data protection policy in times of digital transformation is an important aspect of business operations. It is a set of regulations, standards, and recommendations on which the activities of public policy of all organizations should be based in order to ensure the protection of the data available to it. Raising awareness of data protection vulnerabilities can help create a secure business. To do this, it is important to apply such effective measures as the employment of IT specialists, risk assessment, and ways to protect personal information. Furthermore, data protection in Vietnamese economy can help overcome such problems as harmful data, information misuse and ethical issues of problems connected with technology.
Policy Context
Because of multiple incidents related to data protection in recent years, it becomes obvious that this aspect is an important issue at the international level. The Law on Cybersecurity was published on June 25, 2018 (Law No. 24/2018/QH14) and takes effect from January 1, 2019 (Chi and Thuy 10). After the need for the promulgation of this act, law enforcement agencies have used tools to communicate and educate people, self-employed households, and businesses to understand the importance of this law at the desired level.
With the fast growth of technology in the modern world, a new phenomenon has evolved called the Era 4.0. Ervural state that “the integration of information technology and operational technology brings newer challenges, especially cyber security” (267). Era 4.0 is always mentioned by media channels, public sector management, private sector enterprises, education and training sector. Administrative sector was mentioned as an inevitable condition to transform them to catch up with the science and technology foundation in the most advanced countries in the world, such as Israel, America, or China. Moreover, Vietnamese legislation must consider taking more effective actions to not only secure vital data, but also to bring more innovation.
The rapid transformation of enterprises, digital governments, economies, societies, and populations, will lead to unforeseen risks of harm not only at the security of personal information or threats with hidden clips, credit card information and data misuse. The dangers in the shadows behind the black clouds directly affect the economy, foreign policies, national security work (Herrmann et al. 141). This aspect of data protection can lead to unintended consequences.
Policy Areas
The creation and definition of policy areas aimed at strengthening security in cyberspace are of particular importance. The main policy areas that are connected with cyber security are law and public policy, public management, state administration, development policy. Dong and Linh state that “the goal of the new digital safety policy framework should be to nurture a healthy and sustainable digital society, adopting human-centric approach and rights based measure” (5). Data protection policy plays the role of enhancing the security and reliability of the state’s information systems. In such a strategy, it is necessary to apply a high-level and top-down approach. Thus, a number of goals and priorities are put forward that need to be achieved over a certain period of time.
Policy Questions/ Research Questions
The objective of the study is to use research information and surveys to collect primary and secondary data. Moreover, there is a need to understand the importance of data protection for domestic enterprises, as well as foreign-invested enterprises (FDI) (Austin 65). Then, the assessment of the health and safety of the digital business environment within the territory of Vietnam will also be implemented.
- Why is hybrid data protection considered an urgent thing in the 4.0 era?
It is impossible to ensure cybersecurity of infrastructure, especially industrial, without the joint work of interconnected departments. Enterprises need to develop an information security system in which people and technologies related to various departments will interact: IT, information security, automated control systems, physical security (Durakovskiy et al. 217). Moreover, security should be built-in and begin with the formation of a solution at the level of all departments and local technologies.
- What is the current status of the legal basis and implementation in Vietnam related to security issues?
Vietnam has a legal policy on data protection of enterprises. In accordance with the law, organizations offering Internet services on the territory of the country must place digital data repositories of Internet users on its territory. Foreign enterprises, in turn, should establish representative offices in Vietnam. Information can also be hidden if it could harm the State interests or the well-being of the nation. However, there are still some gasps that need to be improved.
- What should be done to improve the legal gaps in data protection in Vietnam?
Data protection methods make it possible to respond to incidents in a timely manner and prevent attacks using various technologies and accumulated knowledge. Thus, cybersecurity managers focus on technology and on working closely with business teams in order to strengthen and enhance the sustainability of the organization as a whole (Lucas 2). The result of such interaction is the readiness of this aspect of personal data protection to fight against intruders, fighting back and repelling attacks with special effectiveness.
Theoretical Analysis Framework
The main subject is quantitative analysis frameworks: Institutional Economics by Douglas North and Behavioral Economics by Richard Thaler (Hodgson 2; Sunsteitf 6). The secondary subject is the Micro-Economics: Game Theory, Imperfect Information, Asymmetry of Information. Lastly, an additional subject is public management and design thinking. It is used to describe the specificity of the research subjects, here is the perspective between business sizes, small, medium, and large, for the view of the level of importance to cybersecurity.
Expected Data Sources and Information
In various countries, there are institutional differences in the development of policy and law applicable to cybersecurity. This legal framework will consider such examples as Vietnam and China.
Vietnam
There are legal documents related to the law on cybersecurity and data protection in the country, including the Law on Cybersecurity (Law No. 24/2018/QH14), Law on Cyber Information Security (Law No. 86/2015/QH13). In addition, the document introducing the Cybersecurity Thesis of the Department of Legal and Judicial Administrative Reform of the Ministry of Public Security directive (No. 14/CT-TTg) on strengthening the protection and cybersecurity to improve Vietnam’s ranking index will be used. Operating framework and quality assessment framework will examine the VNISA: Vietnam Information Security Association.
Data protection-related laws between two different institutions of USA and China, here are opposites. The United States have agencies that investigate, research, and assist in the protection of information security and cybersecurity such as FBI, the United States Secret Service, and the Department of Homeland Security (US-CERT).
China
Currently, many countries of the world, including China, are developing their own theoretical framework in the field of data protection. China’s Ministry of Industry and Information Technology has issued a draft three-year action plan to develop the country’s cybersecurity industry, estimating the sector could be worth more than 250 billion Yuan ($38.6 billion) by 2023 (China Drafts New Cyber-Security Industry Plan). However, the main problem remains the lack of an international legal system that establishes norms and rules in this area at the legal level.
Methods of Data Collection
Any research begins with the collection of data on the problem under study. Data collection methods are of particular importance. The following approaches will be used in the study:
- a. Investigation, survey.
- b. Interview – Apply Design Method – Thinking
- c. Focus group discussion.
- d. Collect published secondary data sources.
- i. The economy SEA report on the digital economy and data protection sector in Southeast Asia.
Works Cited
Austin, Greg. “Corporate Cybersecurity.” Cybersecurity in China. Springer, 2018, pp. 65-79.
Chi, Dang Linh, and Pham Mai Nhu Thuy. “Vietnam’s Evolving Regulatory Framework for Fintech.” 2021.
“China Drafts New Cyber-Security Industry Plan.”Reuters, 2021.
Dong, Nguyen Quang, and Tong Khanh Linh. Shifting from Cybersecurity to Digital Safety. Institute for Policy Studies and Media Development, 2021.
Durakovskiy, Anatoly P., et al. “About the Cybersecurity of Automated Process Control Systems.” Procedia Computer Science, vol. 190, 2021, pp. 217-225.
Ervural, Beyzanur Cayir, and Bilal Ervural. “Overview of Cyber Security in the Industry 4.0 Era.” Industry 4.0: Managing the Digital Transformation. 2018, pp. 267-284.
Herrmann, Andreas, Walter Brenner, and Rupert Stadler. “Cyber Security and Data Privacy.” Autonomous Driving. 2018, pp. 141-149.
Hodgson, Geoffrey. “Introduction to the Douglass C. North Memorial Issue.” Journal of Institutional Economics, vol. 13, no. 1, 2017, pp. 1–23.
Lucas, Mark L. “Exploring the Strategies Cybersecurity Managers Recommend for Implementing or Transitioning to the Cloud.” Colorado Technical University, 2018.
Sunsteitf, Cass R. “The Rise of Behavioral Economics: Richard Thaler’s Misbehaving.” Revista de Economía Institucional, vol. 21, no.41, 2019, pp. 5-20.