According to Article 17, Law on Cyber Information Security 2015, the collection and use of personal information are regulated as following:




1. Organizations and individuals that process personal information shall:

a/ Collect personal information only after obtaining the consent of its owners regarding the scope and purpose of collection and use of such information;

b/ Use the collected personal information for purposes other than the initial one only after obtaining the consent of its owners;

c/ Refrain from providing, sharing or spreading to a third party personal information they have collected, accessed or controlled, unless they obtain the consent of the owners of such personal information or at the request of competent state agencies.

2. State agencies shall secure and store personal information they have collected.

3. Owners of personal information may request personal information-processing organizations and individuals to provide their personal information collected and stored by the latter.