Appointment of Data Protection Authority

On March 28, 2024, the Council of Citizen Participation and Social Control (CPCCS) appointed Fabrizio Roberto Peralta Díaz as the Data Protection Authority for 2024-2029.

During the presentation of his work plan, Mr. Peralta highlighted his experience in data protection and proposed the following:

i.    Implement an educational vision in the Authority.

ii.    Generate inter-institutional relations by creating awareness of administrative, legal, and technical security measures related to data protection.

iii.    Create technical dependencies responsible for registration, policy planning, and sanctions.

iv.    Promote prevention, protection, and transparency as fundamental principles.

v.    Ensure the appropriate use of resources under the Transparency and Access to Information Law.

The CPCCS must submit the resolution designating the Data Protection Authority to the Legislature so that he can take office.

 

DISCLAIMER: The previous text has been prepared for informational purposes. CorralRosales is not responsible for any loss or damage caused as a result of having acted or stopped acting based on the information contained in this document. Any additional determined situation requires the specific opinion and concept of the firm.

 

CORRALROSALES

El Universo – How to protect from data thieves?

DETAILS

DATE: 26-08-2020

CORRALROSALES IN THE NEWS:

-Rafael Serrano

MEDIA: El Universo

The Ecuadorian newspaper “El Universo” has published in its magazine an article by Rafael Serrano Barona, who is an associate of CorralRosales. He participates as an interviewee on how to protect against data theft, which is becoming increasingly common on the internet. It is not difficult to find someone (or even yourself) who has suffered a virtual attack called phishing, a term used to refer to one of the most used methods in the digital age to scam internet users in order to obtain confidential information, such as a password or something even more serious like bank information.

Another issue to monitor is the domain to which the web page we are going to access belongs. If it is made up of numbers, it has a greater chance of being a hoax and we should not access it under any circumstances. The same happens with links that do not contain words related to the information that is going to be found in it.

Special care must also be taken with attached files. Directly executable file formats such as “.exe”, “.bat” or “.cmd” are especially dangerous. You should also be careful with Office format files (.docx, .xlsx or .pptx), which may contain macros.
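The two checks described above (a link whose host is only numbers, and risky attachment types), as an added example that is not part of the original article. It assumes "made up of numbers" means an IP-address host, and it goes beyond the article by opening Office files to look for an embedded VBA project part (`vbaProject.bin`) and by listing the macro-enabled extensions; all function and flag names are hypothetical.

```python
import io
import ipaddress
import zipfile
from pathlib import PurePosixPath
from urllib.parse import urlsplit

EXECUTABLE_EXTS = {".exe", ".bat", ".cmd"}   # named in the article
OFFICE_EXTS = {".docx", ".xlsx", ".pptx",    # named in the article
               ".docm", ".xlsm", ".pptm"}    # macro-enabled variants (added here)

def host_is_numeric(url):
    """True when the link's host is an IP address literal, not a name."""
    try:
        host = urlsplit(url).hostname or ""
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def office_has_macros(data):
    """True when an Office Open XML (ZIP) container holds a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False   # not a ZIP container, so not an OOXML file

def attachment_flags(filename, data=b""):
    """Return the warning flags for one attachment (hypothetical flag names)."""
    flags = []
    ext = PurePosixPath(filename.lower()).suffix   # last extension: a.pdf.exe -> .exe
    if ext in EXECUTABLE_EXTS:
        flags.append("executable-extension")
    if ext in OFFICE_EXTS:
        flags.append("office-document")
        if office_has_macros(data):
            flags.append("contains-vba-project")
    return flags

def sample_office(with_macro):
    """Constructed sample: a minimal ZIP standing in for an Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(host_is_numeric("http://192.0.2.10/login"))
    print(attachment_flags("report.docx", sample_office(True)))
```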

Our associate Rafael Serrano, who is also the Vice President of the Ecuadorian Association for Data Protection, explains in this article what happens with data protection in Ecuador, since in this country there is no Data Protection Law that regulates these activities; this makes it easier for data thieves to act.

“Currently a bill is being discussed in the National Assembly that is being analyzed by the Commission for Sovereignty, Integration, International Relations and Integral Security. The Bill was presented by the President of the Republic Lenín Moreno. The Bill is quite complete. It follows the guidelines of the European General Data Protection Regulation, which in turn is the most important regulation on the matter”, Rafael adds.

When asked about the need for a law of this kind, Serrano explains the importance of having such legislation, since recent cases of data leaks by Ecuadorians have demonstrated the lack of control and regulation in this matter. Additionally, the Constitution approved in 2008 recognizes the autonomous right to data protection (art. 66, no. 19). To date, we do not have a regulation that adequately regulates and develops the exercise of said right.

For now, we just have to wait.

EKOS – Personal data protection: legitimate means for handling data

DETAILS

DATE: 16-08-19

CORRALROSALES IN THE NEWS:

-Rafael Serrano
-Michael Wollman

MEDIA: Ekos Magazine

With the forthcoming issuance of the Personal Data Protection Law, companies must adapt their procedures to collect and carry out the appropriate handling of the personal data of their consumers or customers.

The correct handling of personal data is one of the main tools for companies to adequately market their products; not only to protect the personal information of their customers, but also to benefit their businesses.

The main purpose of the draft Law is to regulate the exercise of the right to protection of personal data, informational self-determination, and the circulation of this type of data (Article 1).

The legitimacy principle (Article 9) establishes the conditions or situations in which the collection and processing [1] of personal data by companies is legitimate and lawful:

  1. Consent of the personal data owner to the sharing of his information for a specific purpose.

The consent must be free, specific, unequivocal, prior and informed. A company may share someone’s personal data when he authorizes or gives consent knowing the purpose of the use of his information.

  2. Legal obligation for the sharing of personal data.

In this case, the law orders the company to share the personal data of an individual.

Example: The Labor Code requires employers to have certain personal information of their workers such as address, marital status, number of children, and some other relevant information. In this case the will of the data owner is irrelevant since it is the law that orders the sharing of this information.

  3. Contractual relationship.

A company can use the data of an individual with whom it has a contractual relationship. This use is limited to the data necessary for compliance with contractual obligations and may not exceed the limits established in the contract.

Example: In a contract of sale of goods, the company cannot use the data of the individuals to send commercial promotions, except if there is a clause in the contract that expressly authorizes the sending of such promotions.

  4. Vital interests of the owner.

The sharing of data of a person may be carried out if through this process the vital interests of the owner are protected, such as the protection of fundamental rights.

Example: A company can share the personal data of a person if it helps to save the life of the individual, such as in a medical emergency.

  5. Order of a judicial authority or resolution of competent authority.

If through a ruling or a decision of the competent authority the delivery or processing of personal data is ordered, the company will be bound to do so without facing negative consequences.

The legitimacy of the sharing and use of personal data is not given only by the consent of its owner. Companies must analyze in each particular situation which of the above-mentioned scenarios applies to the handling of personal data, thus complying with the principle of legitimacy.

[1] The draft Personal Data Protection Law defines handling as any operation performed on personal data; this includes collection, conservation, modification, transfer, among other actions.
