As the Lao PDR continues to regulate and govern the use of information and communication technology in business, companies should undertake an audit of their systems and processes to ensure compliance with recent regulations issued by the Government of Lao PDR.
Over the last 5 years, the Government of the Lao PDR has enacted a slew of technology and data related laws including: (i) the Law on Electronic Transactions (No. 02/NA, 7 December 2012); (ii) Law on Prevention and Combating of Cyber Crime (No. 61/NA, 15 July 2015); (iii) Law on Information and Communication Technology (No. 02/NA, 7 November 2016); and (iv) Law on the Protection of Electronic Data (No. 25/NA, 12 May 2017).
More recently, the Ministry of Post and Telecommunications has issued the Instruction on Computer Security (No. 3623/MPT, 11 December 2017) (“Instruction”) under Law on Prevention and Combating of Cyber Crime. The Instruction outlines the minimum standards to be adhered to by businesses on: (i) setting up and protecting networks; (ii) managing and using networks; (iii) maintaining security standards; (iv) coordination and cooperation with the Computer Emergency Prevention and Solution Center in case of emergencies; and (v) monitoring of cyber threats.
With respect to electronic data, under the Law on the Protection of Electronic Data, data managers (which includes individuals, businesses or legal entities which manage electronic data) need to consider what authorizations and processes are required to be followed for: (i) data collection; (ii) maintenance of electronic data; (iii) utilization and dissemination of electronic data; (iv) domestic or international transmission and transfers of electronic data; and (v) deleting electronic data.
If you have any queries relating to the IT security standards or the collection, maintenance, use, transfer and deletion of data please reach out to Kristy Newby.
Country Managing Director, Lao PDR