On August 15, 2022, the government published Decree No. 53/2022/ND-CP detailing a number of articles of the cybersecurity law.
Accordingly, article 27 of this decree clearly states that to keep a system log for a minimum period of 12 months to serve the investigation and treatment of violations of the cybersecurity law as prescribed in point b, clause 2, article 26 of the law on cybersecurity.
In particular, point b of Article 26 of the Cybersecurity Act prescribes blocking the sharing of information and deleting information on service platforms or information systems after receiving a request from professional cybersecurity protection forces as follows:
– Information in cyberspace with propaganda content against the state such as distorting information, defaming the administration of authority, offending the nation, desecrating the national flag, emblem or anthem, great personalities, leaders, celebrities and national heroes…
– Information in cyberspace inciting riots or disturbances of security or public order.
– Information in cyberspace with dishonorable or slanderous content includes:
- Information seriously damaging the honor, prestige or dignity of others
- Fabricated or false information that damages the honor, prestige or dignity of other people or damages the rights and legitimate interests of other agencies, organizations or individuals.
– Information in cyberspace undermining the order of economic management includes:
Fabricated or false information in cyberspace causing public anxiety, harming socio-economic activities, causing difficulty in the activities of state agencies or persons on official duty…
In addition, Executive Order 53 also requires companies providing services over telecommunications networks to maintain the following information as records: account name, time of use, credit card information, email address, address nearest connection and disconnection network, registered telephone number… of users within a minimum period of 24 months. This circular comes into force on October 1, 2022.