Teleamazonas – The Government promotes a new mining policy to attract more investment

Teleamazonas - The Government promotes a new mining policy to attract more investment - CorralRosales - Lawyers Ecuador

DETAILS

DATE: 24-08-2021

CORRALROSALES IN THE NEWS:

Rafael Serrano

MEDIA: Teleamazonas

Ecuador launched a new mining policy. From 2018 to 2020, this sector paid USD 1,300 million in taxes. So far, in 2021, it has paid USD 421 million, with a projection of up to USD 1,600 million. Teleamazonas invited our experienced senior associate Rafael Serrano, a specialist in Environmental Law, to discuss this new policy.

“A fundamental rule for the development of the sector demonstrates the will of the Government and that of the Ecuadorian State to promote this industry that, if administered correctly, can bring great benefits,” adds Serrano.

The National Government, through decree 151, ordered to issue “the Action Plan for the Mining Sector of Ecuador.” Article 2 adds that “the State will be the generator and coordinator of public policies that promote the development of the mining sector, national and foreign investment, and the increase in exports of mining products.” For experts in the topic, this is a big step within the mining sector.

Serrano adds that “the objective is the development of environmentally and socially responsible mining, which protects investment, both national and foreign.” And, to conclude, he adds that what is needed is “stability and clear rules of the game so that investors know where to invest. These are investments of hundreds of millions of dollars ”.

If you want to see the video of the news, click here

Teleamazonas – CNT suffered a “highly sophisticated” cyberattack

Teleamazonas - CNT suffered a "highly sophisticated" cyberattack - CorralRosales - Lawyers Ecuador

DETAILS

DATE: 16-08-2021

CORRALROSALES IN THE NEWS:

Rafael Serrano

MEDIA: Teleamazonas

In July, CNT (National Telecommunications Corporation) was the victim of a cyberattack, the intentions of which are still unknown. Nevertheless, the attack puts the cybersecurity policies that all companies and institutions must have under scrutiny, and the topic became a talking point in Ecuador.

Teleamazonas wanted to have the opinion of our senior associate, an expert in new technologies and information security, Rafael Serrano, to offer a vision of what changes should be made to avoid future attacks.

Serrano affirms that “CNT and all public institutions must begin to have cybersecurity policies” since no one is exempt from risk, and besides, there are ways to prevent it.

After the situation and the CNT having been declared in emergency, decisions will be made regarding the equipment, given that, according to Byron Zapata, CNT’s surrogate manager, there are resources available.

“The right thing to do is to have different systems that can secure and diversify the information,” says Serrano. He also adds that “in this way, if someone has an attack or finds a problem, they have a backup in other systems, and the entire State continues to function.”

To conclude the interview, Serrano affirms that “according to Ransomware, it is only an attack, an attempt. So, therefore, they can’t take the appropriate measures unless they identify what happened or what the attackers are asking for.”

All the information that has been violated is not yet known in detail.

If you want to see the video of the news, click here

Idealex – Technological Tools in the Workplace

technological-tools-edmundo-ramos-rafael-serrano-idealex

DETAILS

FECHA: 24-11-19

PROFESIONALES EN LA NOTICIA: 

-Edmundo Ramos
-Rafael Serrano

MEDIA: Idealex

Most companies provide their employees with technological tools (“ICTs”) such as corporate email, mobile phone, and computers in order for them to fulfill their tasks. It is common for the worker to use them for personal purposes, resulting in situations of unauthorized use of work ICTs, or the incorrect handling of information owned by the employer.

Since the employer is the owner of the ICTs, he may establish limits for the proper use of them. Article 46 of the Ecuadorian Labor Code does not establish any laws regarding the treatment of information and the consequent right of the employer to access and control it. Nevertheless, the employer must respect constitutional rights granted for the protection of data, correspondence and privacy. 

The right to inviolability and secrecy protects the communications made by the worker. For this reason, the employer will not be able to access email or information contained in the company’s computer or cell phone without the worker’s consent.

Communications can also be protected by the constitutional right to personal data protection: “The right to personal data protection, which includes access to and decision on information and data of this nature, as well as their corresponding protection. The collection, archiving, processing, distribution, or transferring of this data or information will require the authorization of the holder or the mandate of the law.”

Personal data is all the data or information that makes a person identifiable. In general, corporate emails refer to names, surnames, or positions of the person to whom the email is assigned, just as the cell phone number is linked to a specific person. The definition of personal data would include both the email and the cell phone number. Therefore, since this information can be considered as personal data, the authorization of the holder is required to access and review this information. 

Finally, the right to privacy also protects the use and access to ICTs. The American Convention on Human Rights recognizes this right, which provides the following: “No one can be subjected to arbitrary or abusive interference in his private life, his family, his home or his correspondence, nor of illegal attacks on his honor or reputation.”

The Inter-American Court of Human Rights has indicated, “… The scope of privacy is characterized by being exempted and immune from abusive or arbitrary invasions or attacks by third parties or the public authority.” The right to privacy would apply to personal communications made by the worker using work ICTs.

The rules that define the use and control of technological tools must be in writing in the different legal documents of each company, in order to have the necessary support to sanction their misuse:

Employment Contract: the employer must establish in the employment contract the delivery of technological tools and the use of them. The contract shall also recognize the rights of the employer to recover the ICTs and obtain a backup of the information contained therein.

Internal Work Regulations: It is essential to incorporate in this document, rules that regulate the use of technological tools. Employers may establish sanctions in their Internal Labor Regulations for their misuse or the inclusion of employee’s data and personal information. The internal regulation must establish the ownership of the information contained in these tools, as well as the periodicity for monitoring or supervision.

Internal Policy of the Company: these documents must explain the rights and obligations that the workers have regarding the ICTs. The policies shall establish the right of the employer to access and obtain copies of all the information within these technological tools. Workers must be notified and informed to the worker.  

Delivery / Receipt certificate: At the time the technological tools are delivered, the employer must establish the limitations and conditions under which the tools are delivered. It is important to detail the physical state and the data content of the tools so that, at the time of their return, the worker is responsible for any deterioration not attributable to their normal use.

Training: The employer shall conduct training for workers regarding the importance and limitations of the use of technological tools.

In conclusion, technological tools facilitate the execution of the functions performed by the workers, but their use must be regulated in detail so that both the employer and the worker know the limits and the sheer work-related purpose that must be given to them. The adequate protection of the company’s ICTs and information that they contain will be possible only if there is clarity in the rights and obligations regarding the use of such tools.

Edmundo Ramos’s Bio:

Edmundo Ramos is a partner at CorralRosales. He has more than twenty-five years of expertise representing local and international clients in labor and social security matters. Edmundo leads the CorralRosales Labor Department and participates actively in the area of ​​Dispute Resolution in the management of labor disputes.

Rafael Serrano’s Bio:

Rafael Serrano is an associate at CorralRosales. He has more than five years of expertise in the TMT industry. He leads the Data Protection Department with an emphasis on personal data protection, electronic commerce, and emerging technologies.

If you want to read this article in Spanish, click here

EKOS – Personal data protection: legitimate means for handling data

proteccion-datos-personales-ekos-ecuador-abogados

DETAILS

DATE: 16-08-19

CORRALROSALES IN THE NEWS:: 

-Rafael Serrano
-Michael Wollman

MEDIO: Ekos Magazine

With the forthcoming issuance of the Personal Data Protection Law, companies must adapt their procedures to collect and carry out the appropriate handling of the personal data of their consumers or customers.

The correct handling of personal data is one of the main tools for companies to adequately market their products; not only to protect the personal information of their customers, but also to benefit their businesses.

The main purpose of the draft Law is to regulate the exercise of the right to protection of personal data, self-determination information, and circulation of this type of data (Article 1).

The legitimacy principle (Article 9) establishes the conditions or situations in which the collection and processing 1 of personal data by companies is legitimate and lawful:

  1. Consent of the personal data owner to the sharing of his information for a specific purpose.

The consent must be free, specific, unequivocal, prior and informed. A company may share someone’s personal data when he authorizes or gives consent knowing the purpose of the use of his information.

  1. Legal obligation for the sharing of personal data.

In this case, the law orders the company to share the personal data of an individual.

Example: The Labor Code requires employers to have certain personal information of their workers such as address, marital status, number of children, and some other relevant information. In this case the will of the data owner is irrelevant since it is the law that orders the sharing of this information.

  1. Contractual relationship.

A company can use the data of an individual with whom they have a contractual relationship. The limitation to this use is related to the data necessary for compliance with contractual obligations and may not exceed the limits established in the contract.

Example: In a contract of sale of goods, the company cannot use the data of the individuals to send commercial promotions, except if there is a clause in the contract that expressly authorizes the sending of such promotions.

1 The Personal Data Protection Law project defines the handling as any operation performed on personal data; this includes collection, conservation, modification, transfer, among other actions.

  1. 4. Vital interests of the owner.

The sharing of data of a person may be carried out if through this process the vital interests of the owner are protected, such as the protection of fundamental rights.

Example: A company can share the personal data of a person if it helps to save the life of the individual, such as in a medical emergency.

  1. Order of a judicial authority or resolution of competent authority.

If through a ruling or a decision of the competent authority the delivery or processing of personal data is ordered, the company will be bound to do so without facing negative consequences.

The legitimacy of the sharing and use of personal data is not given only by the consent of his owner. Companies must analyze in each particular situation which of the above mentioned scenarios the handling of personal data applies, thus complying with the principle of legitimacy.

If you want to read the news, press here