Privacy Law at Colombia
Colombia's data protection framework is primarily governed by Law 1581 of 2012, also known as the Habeas Data Law. This legislation establishes the legal framework for the collection, storage, use, and transfer of personal data, ensuring the protection of individuals' privacy rights.
📋 Key Aspects of Law 1581 of 2012
1. Definition of Personal Data
Personal Data:Any information related to an identified or identifiable natural person
Sensitive Data:Includes data that affects the privacy of the individual or whose improper use may lead to discrimination, such as racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, health data, sexual life, and biometric data
2. Rights of Data Subjects
Individuals have the right to:
Access:Obtain confirmation about whether their personal data is being processed
Rectification:Request correction of inaccurate or incomplete data
Erasure:Request deletion of data when it is no longer necessary for the purposes for which it was collected
Revocation:Withdraw consent for data processing at any time
Portability:Receive their data in a structured, commonly used, and machine-readable format
3. Obligations of Data Controllers and Processors
Consent:Obtain explicit authorization from data subjects before processing their personal data
Transparency:Inform data subjects about the purpose of data collection and their rights
Security: Implement appropriate measures to protect personal data from unauthorized access, loss, or misuse
Accountability: Maintain records of data processing activities and comply with regulatory requirements
4. Data Transfers
International Transfers: Personal data may be transferred to other countries only if the recipient country ensures an adequate level of data protection or if the data subject has given explicit consent
5. Enforcement and Penalties
Superintendence of Industry and Commerce (SIC): The SIC is the regulatory authority responsible for overseeing compliance with the data protection law
Sanctions: The SIC can impose fines up to 2,000 legal minimum monthly wages (approximately USD $574,000), suspend data processing activities, or order the closure of operations involving sensitive data
Criminal Penalties: Violations such as unauthorized access to databases or unauthorized data transfers can result in imprisonment ranging from 48 to 120 months and fines up to 1,500 legal minimum monthly wages (approximately USD $430,000)
RELATED Blog
0 comments