Measures To Protect Personal Data From Agencies and Organizations That Process Personal Information

The document discusses measures to protect personal data from agencies and cyber users, emphasizing individual actions such as being informed, controlling data, and being security conscious, alongside legal frameworks like data protection laws. It differentiates between cybersecurity, which protects against threats, and cybercrime, which exploits vulnerabilities, highlighting their impacts on e-commerce. Additionally, it addresses the principle of individual responsibility in protecting personal information, stressing the need for awareness, empowerment, and shared responsibility between individuals and organizations.

● Discuss the measures to protect personal data from agencies and organizations that process personal information.
● Discuss the measures to protect personal data from cyber users. - Gia Hân
● Differentiate between cybersecurity and cybercrime; what are their impacts on the e-commerce environment? - Hồng Khôi
● Discuss the principle of the Law on Cyber Information Security "Individuals protect their personal information". - Minh Đức

Let's break down these important aspects of personal data protection and cybersecurity.

Measures to Protect Personal Data from Agencies and Organizations that Process Personal Information

Individuals have several rights and can take various measures to protect their personal data held by agencies and organizations. These measures often align with data protection laws and best practices:

Individual Actions:
● Be Informed:
  ○ Read Privacy Policies Carefully: Understand what data is collected, how it's used, who it's shared with, and for how long it's retained. Look for clear and concise language.
  ○ Ask Questions: If privacy policies are unclear, don't hesitate to contact the organization's data protection officer or privacy team for clarification.
  ○ Stay Updated: Organizations may update their privacy policies. Regularly review these updates.
● Control Your Data:
  ○ Provide Only Necessary Information: Be mindful of the data you share. Only provide information that is strictly necessary for the service or transaction.
  ○ Limit Consent: Where possible, grant specific consent for data processing purposes rather than broad, blanket consent.
  ○ Exercise Your Rights: Understand and exercise your rights under data protection laws (e.g., GDPR, CCPA, local laws). These rights may include:
    ■ Right to Access: Requesting a copy of your personal data held by the organization.
    ■ Right to Rectification: Correcting inaccurate or incomplete personal data.
    ■ Right to Erasure (Right to be Forgotten): Requesting the deletion of your personal data under certain circumstances.
    ■ Right to Restriction of Processing: Limiting how your data is used.
    ■ Right to Data Portability: Receiving your data in a structured, commonly used, and machine-readable format.
    ■ Right to Object: Objecting to the processing of your data for specific purposes (e.g., direct marketing).
  ○ Manage Account Settings: Review and adjust privacy settings on online platforms and services to control what information is collected and shared.
  ○ Opt-Out of Marketing Communications: Unsubscribe from newsletters and promotional emails if you no longer wish to receive them.
● Be Security Conscious:
  ○ Use Strong, Unique Passwords: Employ complex passwords for different online accounts.
  ○ Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts whenever possible.
  ○ Be Cautious About Sharing Sensitive Information: Avoid sharing sensitive data (e.g., social security numbers, financial details) through unsecured channels.
  ○ Monitor Your Accounts: Regularly check your bank statements and online accounts for any suspicious activity.
● Complain and Seek Redress:
  ○ Report Data Breaches or Privacy Violations: If you believe your data has been mishandled or exposed, report it to the relevant organization and the data protection authority in your jurisdiction.
  ○ Seek Legal Advice: If your data privacy rights have been violated, consider seeking legal counsel.

Legal and Regulatory Frameworks (External Measures):


While individuals have a responsibility, legal and regulatory frameworks play a crucial role in ensuring organizations protect personal data. These include:

● Data Protection Laws: Laws like GDPR (Europe), CCPA (California), and various national data protection laws establish rules for how organizations collect, process, store, and share personal data. They grant individuals specific rights and impose obligations on data controllers and processors.
● Data Protection Authorities (DPAs): These independent bodies are responsible for overseeing and enforcing data protection laws. They investigate complaints, provide guidance, and impose penalties for non-compliance.
● Sector-Specific Regulations: Certain industries (e.g., healthcare, finance) may have additional regulations regarding the handling of sensitive personal data.
● Contractual Agreements: Organizations may enter into contracts that outline data protection responsibilities and standards, especially when sharing data with third parties.
● Security Standards and Certifications: Frameworks like ISO 27001 can provide guidelines and certifications for organizations to implement robust security measures.
● Data Breach Notification Laws: These laws require organizations to notify individuals and regulatory authorities in the event of a data breach that compromises personal information.

Measures to Protect Personal Data from Cyber Users


Protecting personal data from malicious cyber users requires a multi-layered approach
focusing on individual practices and technological safeguards:

Individual Actions:
● Strong Password Practices: Use strong, unique passwords for all online accounts. Consider using a password manager.
● Enable Two-Factor Authentication (2FA): Activate 2FA wherever available to add an extra layer of security beyond just a password.
● Be Wary of Phishing and Social Engineering:
  ○ Don't Click Suspicious Links: Be cautious of links in emails, text messages, or social media messages from unknown or suspicious sources.
  ○ Verify Sender Identity: If you receive a request for personal information, verify the sender's legitimacy through official channels.
  ○ Be Skeptical of Urgent Requests: Cybercriminals often use a sense of urgency to trick users into taking immediate action.
● Keep Software Updated: Regularly update your operating system, web browsers, antivirus software, and other applications to patch security vulnerabilities.
● Install and Maintain Antivirus and Anti-Malware Software: Use reputable security software and keep its virus definitions up to date.
● Use a Firewall: Enable the firewall on your computer and router to block unauthorized access.
● Secure Your Wireless Network: Use a strong password (with WPA3 encryption if possible) for your Wi-Fi network and consider hiding your network name (SSID).
● Be Careful on Public Wi-Fi: Avoid accessing sensitive information on unsecured public Wi-Fi networks. Consider using a Virtual Private Network (VPN).
● Secure Your Devices: Use strong passwords or biometric authentication (fingerprint, facial recognition) to protect your laptops, smartphones, and tablets.
● Be Mindful of Social Media: Limit the amount of personal information you share publicly on social media platforms. Adjust your privacy settings.
● Back Up Your Data: Regularly back up important files to an external hard drive or cloud storage to protect against data loss due to cyberattacks or hardware failures.
● Educate Yourself: Stay informed about common cyber threats and how to protect yourself.

Technological Safeguards (Often implemented by service providers but important for individuals to understand):
● Encryption: Ensures that data is scrambled and unreadable without the correct decryption key, both in transit (e.g., HTTPS) and at rest.
● Intrusion Detection and Prevention Systems (IDPS): Monitor network traffic for suspicious activity and block potential attacks.
● Web Application Firewalls (WAFs): Protect web applications from common attacks like SQL injection and cross-site scripting (XSS).
● Access Controls: Restrict access to sensitive data based on user roles and permissions.
● Vulnerability Management: Regularly scan systems for security weaknesses and patch them promptly.

Differentiate Between Cybersecurity and Cybercrime; What Are Their Impacts on the E-commerce Environment?

Cybersecurity is the practice of protecting computer systems, networks, devices, and data from digital attacks, damage, or unauthorized access. It encompasses the technologies, processes, and practices designed to ensure the confidentiality, integrity, and availability of information in the cyber domain. Cybersecurity is a defensive discipline.

Cybercrime, on the other hand, refers to criminal activities carried out using computers, networks, or other digital devices. These activities often target individuals, organizations, or governments with the intent to steal information, obtain financial gain, disrupt services, or cause harm. Cybercrime is an offensive discipline from the perspective of the perpetrator.

Key Differences:

| Feature | Cybersecurity | Cybercrime |
|---|---|---|
| Objective | To protect digital assets and ensure security. | To commit illegal acts using digital means. |
| Nature | Defensive, proactive, and reactive measures. | Offensive, malicious activities. |
| Actors | Security professionals, organizations, individuals. | Criminals, hackers, malicious actors. |
| Legality | Legal and ethical practices. | Illegal and unethical activities. |
| Focus | Prevention, detection, and response to threats. | Exploitation of vulnerabilities for illicit purposes. |

Impacts on the E-commerce Environment:

Both cybersecurity and cybercrime have significant impacts on the e-commerce environment:

Impacts of Cybercrime:
● Financial Losses: E-commerce businesses and customers can suffer significant financial losses due to:
  ○ Payment Card Fraud: Theft of credit card details leading to unauthorized transactions.
  ○ Account Takeover: Criminals gaining access to customer accounts to make fraudulent purchases or steal funds.
  ○ Online Scams and Phishing: Deceptive tactics to trick customers into revealing sensitive information or making fraudulent payments.
  ○ Data Breaches: Theft of customer data (personal information, financial details) which can lead to identity theft and legal liabilities.
● Reputational Damage: Data breaches and security incidents can severely damage the reputation and customer trust of e-commerce businesses. Loss of trust can lead to a decline in sales and customer attrition.
● Operational Disruptions: Cyberattacks like Distributed Denial-of-Service (DDoS) can disrupt e-commerce websites and prevent legitimate customers from accessing services, leading to lost revenue.
● Legal and Regulatory Consequences: E-commerce businesses that fail to protect customer data can face significant fines and legal penalties under data protection laws.
● Increased Operational Costs: Dealing with the aftermath of cyberattacks (investigation, remediation, legal fees, customer support) can be costly.

Impacts of Cybersecurity:
● Building Customer Trust: Robust cybersecurity measures help build and maintain customer trust, which is crucial for the success of e-commerce. Customers are more likely to shop on secure platforms.
● Protecting Sensitive Data: Effective cybersecurity safeguards customer payment information, personal details, and transaction history, preventing data breaches and fraud.
● Ensuring Business Continuity: Strong security measures help prevent disruptions to e-commerce operations caused by cyberattacks, ensuring business continuity and revenue generation.
● Compliance with Regulations: Implementing appropriate cybersecurity practices helps e-commerce businesses comply with data protection laws and industry standards (e.g., PCI DSS for payment card processing).
● Maintaining a Competitive Edge: Businesses with a strong security posture can gain a competitive advantage by demonstrating their commitment to protecting customer data.
● Reducing Operational Costs in the Long Run: Investing in cybersecurity can prevent costly data breaches and security incidents in the future.

In essence, cybersecurity is essential for a thriving and trustworthy e-commerce environment, while cybercrime poses a significant threat to its stability and growth. E-commerce businesses must prioritize cybersecurity to protect themselves and their customers from the detrimental impacts of cybercrime.

Discuss the Principle of the Law on Cyber Information Security "Individuals Protect Their Personal Information"

The principle "Individuals protect their personal information" within the Law on Cyber Information Security (and similar data protection frameworks) highlights a crucial aspect of data privacy: individuals have a primary responsibility to safeguard their own personal data. This principle doesn't absolve organizations of their obligations to protect the data they process, but it emphasizes the active role individuals must play in maintaining their privacy and security in the digital age.

Key Aspects of this Principle:

● Individual Awareness and Responsibility: The principle underscores that individuals need to be aware of the risks associated with sharing their personal information online and offline. They are expected to take reasonable steps to protect themselves. This includes:
  ○ Being mindful of what information they share and with whom.
  ○ Understanding privacy settings on online platforms.
  ○ Using strong passwords and practicing good password hygiene.
  ○ Being cautious of phishing attempts and social engineering tactics.
  ○ Keeping their software and devices secure.
● Empowerment and Control: This principle, when coupled with data protection rights, aims to empower individuals to have greater control over their personal information. By being proactive in protecting their data, individuals can exercise their rights more effectively (e.g., limiting consent, requesting deletion).
● Shared Responsibility: While individuals have a responsibility, this principle does not imply that organizations are absolved of their duties. Data controllers and processors still have legal and ethical obligations to implement appropriate technical and organizational measures to protect personal data they collect and process. The principle acknowledges a shared responsibility between individuals and organizations.
● Education and Awareness Campaigns: The principle often necessitates public education and awareness campaigns to inform individuals about data privacy risks and best practices for protecting their information. Governments and organizations have a role in providing this education.
● Limitations and Context: The extent to which individuals can effectively protect their data is often limited by the complexity of online services, the asymmetry of information between individuals and organizations, and the sophistication of cyber threats. Therefore, legal frameworks and organizational safeguards are crucial to provide a baseline level of protection.
● Enforcement and Redress: While individuals are responsible for their own actions, the legal framework should also provide mechanisms for enforcement and redress when organizations fail to meet their data protection obligations. This ensures that the principle of individual responsibility operates within a system of accountability for data handlers.

In the context of the Law on Cyber Information Security (specific to a jurisdiction):

The specific implementation and emphasis of this principle within a particular law will
vary. However, it generally implies that the law:
●​ Encourages individuals to be vigilant about their online security and privacy.
●​ May outline specific actions individuals are expected to take (e.g., reporting data
breaches they become aware of).
●​ Works in conjunction with other principles and provisions that mandate
organizational responsibilities for data protection.

In conclusion, the principle "Individuals protect their personal information" is a fundamental aspect of modern data protection laws. It emphasizes the active role individuals must play in safeguarding their digital lives while acknowledging the crucial and often primary responsibility of organizations to implement robust security measures and comply with legal obligations. It's a call for both individual diligence and systemic protection.
