Chương III Nghị định 47/2020/NĐ-CP: Thực hiện kết nối, chia sẻ, sử dụng dữ liệu

Chapter III

CONNECTION, DATA SHARE AND USE

Section 1. ORGANIZING CONNECTION AND DATA SHARE

Article 31. Connection and data share between ministries, ministerial agencies, Governmental agencies and agencies in provinces and central-affiliated cities

1. Prime Minister shall be responsible for directing data management, connection and share between ministries, sectors and local governments; promptly dealing with difficulties and complaints that arise during implementation of this Decree.

2. Ministry of Information and Communications is responsible for:

a) issuing legislative documents providing guidelines related to data management, connection and share;

b) expediting, assessing and examining connection and data share, compliance with regulations and law on connection and data share, acting as consultant for Prime Minister to deal with difficulties and complaints regarding data management, connection and share;

c) coordinating connection and data share between ministries, ministerial agencies, governmental agencies and agencies of provinces and central-affiliated cities on national data integration and sharing platform;

d) consolidating and publicizing statistical information on data sharing status of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities.

3. Ministries, sectors and local governments shall actively prepare necessary requirements, connect, provide data and utilize data to fulfill connection requirements and implement connection.

Article 32. Connection and data share within ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities

1. Heads of ministries, ministerial agencies, Governmental agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities are responsible for directing data management, connection and share within their ministries, sectors and local governments.

2. Entities specialized in information technology of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities are responsible for:

a) guiding data management, connection and share within their management;

b) monitoring, expediting, assessing and examining connection and data share between agencies and entities within ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities; acting as consultants for heads of said bodies to deal with difficulties and complaints regarding data management, connection and share;

c) coordinating data share, instructing and assisting agencies and entities in connecting outside of ministries, ministerial agencies, Governmental agencies and agencies in provinces and central-affiliated cities under their management.

3. Agencies and entities in ministries, ministerial agencies, Governmental agencies and agencies in provinces and central-affiliated cities are responsible for organizing connection and preparing necessary requirements to satisfy connection conditions and implement connection and data share.

Section 2. DEFAULT DATA SHARE METHOD

Article 33. Preparation and implementation of data provision

Agencies providing data shall:

1. Determine and standardize data provided via default data share method.

2. Identify list of data shared in default method.

3. Develop data sharing services and documents guiding connection and data utilization.

4. Publicize data sharing services according to Article 25 of this Decree.

5. Receive connection request for using data sharing services and data utilizing services from agencies having the need to use data sharing services.

6. Implement connection and data share.

Article 34. Data shared in default share method

1. Data shared in default share method includes following data type:

a) Master data in national database;

b) Master data in databases of ministries, sectors and local governments;

c) Common schedule data;

d) Other data used by many regulatory agencies in the same data format, structure, standards and regulations.

2. Ministers, heads of ministerial agencies, Governmental agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities must issue and review at least once every 6 months to update list of data shared in default method and consider gradual transition from sharing on a case-by-case basis to sharing in default method upon eligible.

Article 35. Submission of connection and data utilization request

1. Agencies and entities shall submit request for connection and data utilization online via the data sharing service management system. In case the data sharing service management system is not ready, submit request in appropriate form accepted by agencies providing data.

2. Contents of request for connection and data use:

a) Identity and name of requesting agencies and entities;

b) Identity and name of connection and data utilization applications (if necessary);

c) Purpose and solution to using data after utilization;

d) Contents of data requested for provision; specify name and quantity of information articles requested;

dd) Identification code, name of data sharing service;

e) Frequency of utilizing shared data;

g) Other necessary information (if any).

3. Within 5 working days from the date on which request is received, agencies providing data are responsible for creating accounts for connection and informing requesting agencies and entities. In case of rejection, provide written explanation.

Section 3. DATA SHARE ON A CASE-BY-CASE BASIS

Article 36. Rules of sharing data on case-by-case basis

1. Only share data by this method in case of unable to share data by default method.

2. Agencies providing data and agencies utilizing data must exchange and agree on details of connection, data share and utilization.

3. Agreed details on data share must be recorded in physical form, electronic form or on assisting information systems (if any).

4. Agencies that have not participated in sharing and utilizing data by following valid agreed details regarding sharing data shall have the rights to apply for participation and become parties to said details.

5. Agreed details regarding sharing data must be publicized for parties participating connection and data share and sent to competent agencies upon request.

Article 37. Preparation procedures for connection and data share

Agencies providing data and agencies utilizing data are responsible for cooperating in:

1. Reviewing demands, regulations, necessary conditions and activities to connect and share data.

2. Developing drafts of agreed details regarding sharing data.

3. Confirming (signing) agreed details regarding sharing data.

4. Implementing agreed details regarding sharing data.

Article 38. Agreed details regarding data sharing

1. List of agencies providing data and agencies utilizing and using data.

2. Data that shall be shared between agencies.

3. Location of data share and use.

4. Period of connection and data use.

5. Methods of sharing data.

6. Methods of handling after receiving data.

7. Conditions and restrictions in sharing and using shared data.

8. Commitments between agencies shall comply with regulations and law on protecting data and agreed details regarding sharing data.

9. Adopt security and verification measures applied to data transmission, storage and access.

10. Requirements related to storing data after sharing; data that arise from data processing after sharing during and after implementation period of agreed details regarding sharing data.

11. Methods of erasing and disposing data after sharing or erasing and disposing data at the time on which data sharing period terminates.

12. Other issues affecting data share agreed by agencies participating in sharing data.

Article 39. Connection, data share and use

Connection, data share and use shall comply with details regarding sharing data agreed upon by agencies. Any changes regarding agreed details during implementation shall be updated to serve as the basis for monitoring, supervising and handling difficulties.

Section 4. CONNECTION AND DATA SHARE MANAGEMENT

Article 40. Accounts and management of accounts for connection

1. Except for cases of sharing data without verifying agencies utilizing data (specified in issued policies on data utilization and use), connecting and data sharing with agencies utilizing data shall use accounts for connection with identification and verification methods suitable for agencies and organizations having the need for connection as per the law.

2. In case of connecting and sharing data via intermediate systems, bodies presiding database may authorize entities managing intermediate systems to manage and issue accounts for connection and data.

3. Issuance and verification of accounts for connection and data share must comply with regulations on data utilization and use related to shared database.

Article 41. Use period of data after utilization

1. Data utilized via sharing from databases has definite use period. Use period must be clearly displayed in regulations on utilizing and using data shared from said databases.

2. Use period of data shall be prescribed as follows:

a) Data utilized via methods specified in Point a Clause 1 Article 23 of this Decree may be used immediately after being utilized unless otherwise specified by the law;

b) Data utilized via methods specified in Point b Clause 1 Article 23 of this Decree may be used within definite period. Data use period shall start from the point of last synchronization from source databases to target databases. Upon expiration of data use period, data in target databases shall have no use value or be synchronized with source databases;

c) This data utilized following method specified in Point c Clause 1 Article 23 of this Decree shall be used multiple times within definite period. Upon the designated period expires, data shall no longer be usable.

Article 42. Data storage upon connection and utilization

Agencies utilizing data may store and use data in any of following cases:

1. To use data within period specified in Article 41 of this Decree.

2. To ensure efficiency of data utilization and use systems.

3. In case permitted by the law.

Article 43. Suspension of connection and data provision on cyber environment provided by agencies

1. Agencies providing data shall suspend providing data sharing services for all agencies utilizing data in following cases:

a) Upgrade, expansion or maintenance of information systems and information infrastructure;

b) In case force majeure interrupts services, connection or impacts operation of information system and data safety.

2. Agencies providing data shall suspend providing data for one or many agencies utilizing data in following cases:

a) The agencies utilizing data have violated regulations on data utilization and use;

b) Data connection is identified to potentially infringe safety or security.

3. In case of suspending connection or service provision according to Point a Clause 1 of this Article, agencies providing data must publicize on website at least 7 days before actively suspending provision of data sharing services, while announcing estimated period of restoring service provision after maintenance, upgrade or expansion of the information infrastructure. Upgrade, expansion and maintenance of systems must be conducted in the shortest period possible and impose minimum risks on agencies utilizing and using data due to interruption and suspension of data sharing service provision.

4. In case of force majeure specified in Point n Clause 1 of this Article, agencies providing data sharing services must announce in appropriate form and immediately adopt corrective measures.

5. With respect to cases specified in Clause 2 of this Article, agencies providing data shall inform agencies utilizing data within 1 day from the date on which violations are detected about following information:

a) Violations against regulations and actions to be taken against violations;

b) Necessary requirements to be taken to maintain or restore connection.

Article 44. Terminating connection and data share on cyber environment

1. Competent agencies providing data shall terminate connection and data share on cyber environment in following cases:

a) Current purpose of using data if agencies utilizing data no longer agrees with the original purpose;

b) Connection cannot be restored due to accidents incidents or objective conditions and agencies providing data can no longer continue to maintain data sharing services;

c) At request of competent agencies according to regulations and law;

d) Agencies utilizing data no longer wishes to continue connection and data utilizing or agreed details regarding sharing data expire.

2. Agencies utilizing data are responsible for fully fulfilling obligations (if any) in termination of connection and data share.

3. Agencies providing data are responsible for informing agencies utilizing data and relevant agencies about results of terminating connection and data share.

Article 45. Storing data share diary

1. Agencies providing data must record history of data request of agencies utilizing data and contents of data shared for agencies utilizing data to serve as the basis for comparing and handling issues relating to use of data after utilization.

2. Contents of recorded history include:

a) Time and method of requesting data and providing data;

b) Identity of agencies requesting data utilization;

c) Contents of request;

d) Ability to satisfy request; contents of shared data (if necessary);

dd) Other necessary information to serve as the basis to deal with complaints regarding using data.

3. Period of storing diary shall comply with regulations on data utilization and use.

Article 46. Form of connection and data share

Connecting and sharing data between information systems and databases shall comply with following order of priority:

1. Connection via intermediate systems: national platform for integration and data sharing; infrastructure for connection and data share in ministerial and provincial levels according to Electronic Government Structure Frame, structure of of electronic government and electronic authorities approved by competent authorities.

2. Connection between information systems and databases when intermediate systems are unavailable or presiding agencies of intermediate systems determine that the intermediate systems cannot satisfy connection and data share requirements.

Section 5. HANDLING DIFFICULTIES IN CONNECTION AND DATA SHARE

Article 47. Difficulties in connection, data share and utilization

Difficulties in management, connection and data share include:

1. Difficulties regarding rights and obligations in sharing and utilizing data as per the law.

2. Difficulties regarding infrastructure for connection and share.

3. Difficulties regarding application and compliance with standards and regulations on data.

4. Difficulties regarding quality of shared data and data use after being shared.

5. Difficulties regarding solutions of connecting and sharing data.

6. Other issues that affect management, connection and data share.

Article 48. Entitlement for receiving and dealing with difficulties

1. Agencies providing data are responsible for receiving and dealing with difficulties that arise during connection and use of data.

2. Ministers, heads of ministerial agencies, Governmental agencies and Chairpersons of People’s Committees are responsible for dealing with data share within the ministries, sectors and local governments.

3. Ministry of Information and Communications shall receive and deal with difficulties related to technical fields, technology and application of technical standards and regulations

4. Prime Minister shall direct to deal with difficulties regarding connection and data share between ministries, sectors and local governments.

Article 49. Procedures for dealing with difficulties

Except for cases in which handling difficulties has been specified in documents of competent authorities, procedures for dealing with difficulties shall be as follows:

1. Agencies utilizing data having difficulties in connection and data share shall request agencies providing data to guide dealing with difficulties. Within 7 working days from the date on which the request for solutions is received, agencies providing data must respond and provide guidance on dealing with difficulties.

2. In case difficulties are not dealt with after following Clause 1 of this Article, agencies having difficulties shall inform entities specialized in information technology of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities for consideration and solutions.

Within 7 working days from the day on which request for solution is received, entities specialized in information technology must instruct relevant agencies to adopt measures to deal with difficulties under their management or cooperate with relevant agencies in proposing measures and reporting to ministries, heads of ministerial agencies, Governmental agencies and Chairpersons of People’s Committees of provinces and central-affiliated cities.

3. In case of difficulties regarding connection and data share between ministries, sectors and local government or difficulties that cannot be dealt with after following Clause 2 of this Article, depending on the difficulties, ministers, heads of ministerial agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities shall request Ministry of Information and Communication in writing to handle or report to Prime Minister for solutions.

Article 50. Solutions and compliance with solution

1. Principles of dealing with difficulties:

a) Ensure compliance with relevant law provisions;

b) Respect agreed details regarding sharing data of signing agencies (if any);

c) Ensure harmony in benefits of regulatory agencies, mutual interest and respect for solutions of relevant parties.

2. Relevant parties are responsible for complying with solutions provided by competent agencies.

3. Competent agencies capable of dealing with difficulties are responsible for examining compliance with the solutions.