From the fear of information leakage
Previously, when leaving a job, employees often only cared about closing social insurance books or receiving severance allowances. Few people expected that sensitive information such as citizen identification numbers, bank accounts, medical records, work performance evaluations, and even private home addresses would still remain in the old company's server.
Ms. Nguyen Thi Lan Anh (30 years old, permanently residing in Thanh Xuan ward, Hanoi) said: "I have quit my job at a life insurance company for 2 years now, but sometimes I still receive calls inviting me to borrow capital and buy insurance, and the caller knows exactly my name and old position. I suspect that my personal data has been leaked from the old human resources management system".
Mr. Nguyen Van Huy - sales staff of a household appliance and kitchen appliance company in Ngoc Ha ward (Hanoi) also shares the same skepticism when he has quit his job for nearly 1 year but has been continuously invited to borrow capital and participate in securities investment groups. "Indeed, the caller even knows my income when I was still working, my marital status. I am extremely concerned about this situation," Mr. Huy shared.
Mr. Le Minh Hai, a legal expert on labor, analyzed: "The right to erase traces is not simply to erase a name line on Excel. It must include requiring the old business to destroy or permanently erase digital data, paper records related to privacy, biometric information and sensitive personnel assessments after the two parties complete their settlement obligations.
Mr. Hai further emphasized that this regulation also applies to unsuccessful candidates. Businesses after interviewing, if they do not choose candidates, must be responsible for deleting their resumes (CV) after a certain period of time instead of arbitrarily keeping them to "use gradually" or share with third parties.
Right to "erase traces
From 2026, with the strict implementation of regulations on personal data protection according to the 2025 Law on Personal Data Protection, the concept of "the right to delete" has changed many old regulations. Accordingly, businesses are not allowed to store personal data of employees beyond the necessary time limit to serve the agreed purposes, unless otherwise provided by law (such as tax and insurance records).
Ms. Tran Thu Ha - human resources director of a FDI company in Hung Yen said that from 2026, her company must review the entire storage system.
Previously, employee resignation records were often placed in a corner in the warehouse or stored on the cloud for a limited time. Now, the system must automatically warn and execute deletion orders when due to avoid data violation penalties," Ms. Ha said.
Also according to Ms. Ha, data security is currently considered part of business ethics. Businesses that well comply with the right to remove traces will build great prestige and attract talent in the context that workers are increasingly knowledgeable about the law and value privacy.
From January 1st, 2026, personal data of employees who quit their jobs must be deleted
Clause 2, Article 25 of the 2025 Law on Personal Data Protection stipulates the responsibility of protecting personal data of agencies, organizations, and individuals in managing and using employees as follows:
a) Compliance with the provisions of this Law, laws on labor, employment, laws on data and other relevant legal regulations;
b) Personal data of employees must be stored for a period of time according to the provisions of law or according to agreement;
c) Must delete or destroy personal data of employees when terminating the contract, except as agreed or otherwise prescribed by law.
Thus, unless there is an agreement or the law has other regulations, in all other cases, the employer must delete or destroy the personal data of the resigned employee.
