Personal data protection required for online insurance services from July 1, 2026

This is one of the provisions of Circular No. 96/2026/TT-BTC, dated July 2, 2026, amending Circular No. 67/2023/TT-BTC, guiding the Law on Insurance Business.

According to Article 7 of Circular No. 67/2023/TT-BTC, as amended and supplemented by Article 2 of Circular No. 96/2026/TT-BTC, any insurer, foreign non-life insurer’s branch, mutual organization providing microinsurance, insurance broker or insurance agent that provides insurance services and products online must satisfy the requirements in terms of services, technology, confidentiality and data retention as specified in the laws on electronic transactions, data, cybersecurity, e-commerce and relevant laws.

Notably, these organizations and individuals must formulate and issue internal regulations stipulating the distribution of insurance services and products online. Such internal regulations must include the following main contents: a description of transaction processes; risk control and cybersecurity measures; the rights and obligations of related parties; complaint and dispute settlement mechanisms; personal data protection policies; incident response plans and backup systems; data retention; and measures for handling acts of non-compliance with the internal regulations.

Personal data protection required for online insurance

Accordingly, compared with the current regulations, Circular No. 96/2026/TT-BTC places greater emphasis on the requirement to adopt personal data protection policies when providing insurance services and products online. This is an important requirement for insurers, insurance brokers and insurance agents as the provision of insurance products and services through online channels continues to expand.

In addition, under Clause 2, Article 2 of Circular No. 96/2026/TT-BTC, Clause 7, Article 7 of Circular No. 67/2023/TT-BTC has also been amended to require insurers, foreign non-life insurers’ branches, mutual organizations providing microinsurance, insurance brokers and insurance agents to classify and take measures to secure the respective information system in accordance with the laws on cybersecurity, security of information systems by classification and electronic transactions in financial activities.

Rate:
(0 rated)
For further support, please call 19006192

SAME CATEGORY

See more