Data Security in Latin America Is on the Move!
In addition to being a hotbed for economic activity and the focus of upcoming Olympic Games, governments are focusing on protecting the data of their citizens and local companies. Organizations are concerned about internal safeguards as well as potential hacking at the hands of organizations such as the Packrat Gang which has been targeting South American organizations by embedding remote access Trojans in their networks.
Data protection frameworks are evolving and here are some examples of countries which have been active in this area.
Mexico’s Federal Law on Protection of Personal Data Held by Private Parties was enacted in 2010. Although it does not require registration of databases containing Personal Information, it is making an impact. A fine of 16.2 million Mexican pesos was levied on Banamex, Mexico’s second largest bank, for privacy law violations. Additionally, Telcel, a cellular company, was fined 10 million Mexican pesos for the misuse of frequent contact phone numbers.
Columbia’s General Provisions for Personal Data Protection, prohibits the transfer of personal information to countries outside Colombia that do not provide an adequate level of data protection. Redcord, an umbilical cord stem cell bank, was fined $50,000 for privacy law violations involving the use of sensitive personal information for marketing purposes without the individual’s consent.
Peru’s Law for Personal Data Protection restricts cross-border transfers of personal data unless the importer of the data assumes the same obligations as the exporting organization. The law also established data security breach notification requirements. A fine was levied against DATOSPERU.ORG of approximately $78,600 for publishing sensitive personal information without consent.
Brazil is also working on draft privacy legislation. It would apply to the processing of personal information regardless of the country in which the organizations are headquartered and the country in which the databases are located, provided that the processing is carried out in Brazil or the personal information is collected within Brazil (e.g., the individual is located in Brazil at the time the data are collected). The proposed scope of the law appears to cover outsourced data processing in Brazil and, as a result, may impose a complex and burdensome set of rules on such activities.
Latin America is showing that it will not be outdone by either the United States or the European Union when it comes to being at the forefront of a global data protection ecosystem. It will be a full partner.
Delphix Corp. Joseph.Santangelo@delphix.com