During the week of February 25, 2019, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP participated in the meetings of the APEC Data Privacy Subgroup (“DPS”) and Electronic Commerce Steering Group (“ECSG”) in Santiago, Chile. CIPL enjoys formal guest status and a seat at the table at these bi-annual APEC privacy meetings.
On August 14, 2017, the Colombian Superintendence of Industry and Commerce (“SIC”) announced that it was adding the United States to its list of nations that provide an adequate level of protection for the transfer of personal information, according to a report from Bloomberg BNA. The SIC, along with the Superintendence of Finance, is Colombia’s data protection authority, and is responsible for enforcing Colombia’s data protection law. Under Colombian law, transfers of personal information to countries that are deemed to have laws providing an adequate level of protection are subject to less stringent restrictions (for example, prior consent for certain international transfers of personal information may not be required if a country’s protections are deemed adequate). This development should help facilitate the transfer of personal information from Colombia to the United States.
On April 8, 2015, the Federal Communications Commission announced a $25 million settlement with AT&T Services, Inc. (“AT&T”) stemming from allegations that AT&T failed to protect the confidentiality of consumers’ personal information, resulting in data breaches at AT&T call centers in Mexico, Colombia and the Philippines. The breaches, which took place over 168 days from November 2013 to April 2014, involved unauthorized access to customers’ names, full or partial Social Security numbers and certain protected account-related data, affecting almost 280,000 U.S. customers.
On July 12, 2013, during the Centre for Information Policy Leadership’s First Friday call, José Alejandro Bermúdez Durana, Deputy Superintendent for Data Protection for Colombia’s Superintendency of Industry and Commerce, discussed the secondary regulations issued on June 27, 2013 to implement Colombia’s omnibus data protection law enacted in 2012. The Deputy Superintendent discussed key aspects of the regulations, and provided information regarding additional regulations that are needed to implement binding codes of conduct.
On June 27, 2013, the Colombian Ministry of Commerce, Industry and Tourism issued regulations pursuant to the country’s new data protection law. The regulations, entitled Decreto Número 1377 de 2013, por el cual se reglamenta parcialmente la Ley 1581 de 2012, address a variety of topics, including the following:
- Consent requirements relating to the collection of personal data;
- Restrictions on the processing of children’s personal data;
- Content and delivery of privacy notices;
- Cross-border data transfer restrictions;
- Data transfer agreements;
- Internal privacy policies and mechanisms for implementing them;
- Rules for the processing of sensitive personal data, including biometric data;
- Data subjects’ rights; and
- Applicability of the new rules to previously collected personal data.
On June 6, 2013, a group of 300 gathered in Santa Marta, Colombia, the second oldest city in South America, for the First Latin America Congress on Data Protection. The Congress was organized by Colombia’s data protection authority, the Superintendency of Industry and Commerce, and the Centre for Information Policy Leadership at Hunton & Williams LLP. “Latin America is very important to Centre member companies, and education is a key element of the Centre’s Latin America Project. So, we were very pleased to help the Superintendent organize the program,” said Centre President Marty Abrams.
On April 5, 2013, during the Centre for Information Policy Leadership’s First Friday call, Centre President interviewed José Alejandro Bermúdez Durana, Deputy Superintendent for Data Protection for Colombia’s Superintendency of Industry and Commerce, and asked about the progress of Colombia’s new data protection law. Enacted in October 2012, the law provided a six month grace period for companies to prepare to comply with new requirements, which are expected to be implemented on April 18, 2013. The final regulation will be published thereafter. The Deputy Superintendent discussed industry cooperation and said that the regulation’s language on consent will be flexible.
On October 17, 2012, Colombia enacted a new omnibus data protection law known as Ley 1581 del 17 de octubre de 2012 por el cual se dictan disposiciones generales para la protección de datos personales. The law contains significant notice and consent requirements, special provisions for the processing of children’s data, European-style data subject rights (e.g., access and correction), special obligations applicable specifically and directly to service providers, a registration requirement and cross-border data transfer restrictions. The law also provides for the creation of a data protection authority within the Superintendency of Industry and Commerce.
On November 2, 2011, following welcome comments by Federal Institute for Access to Information and Data Protection (“IFAI”) Commissioner Jacqueline Peschard, the 33rd International Conference of Data Protection and Privacy Commissioners opened in Mexico City with an examination of the phenomenon of “Big Data” as a definer of a new economic era. In a wide-ranging presentation, Kenneth Neil Cukier of the Economist drew into clear relief the possibilities and problems associated with combining vast stores of data and powerful analytics. He highlighted the growing ability to correlate seemingly unrelated data sets to predict behavior, reveal trends, enhance product performance and safety and derive meaning. In his remarks Cukier noted that, in an era of Big Data, much of the decision-making about data collection and use goes beyond traditional notions of privacy, touching on ethics and free will. Noting that the printing press led to the development of free speech laws, he left open the question of how Big Data may change the legal landscape.
On November 2-3, 2011, Mexico’s Federal Institute for Access to Information and Data Protection (“IFAI”) will host the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Marty Abrams, President of the Centre for Information Policy Leadership at Hunton & Williams LLP, is the chairman of the Conference’s advisory panel and principal advisor to Conference organizers on program content. Hunton & Williams is a proud sponsor of the event which will feature Hunton representatives as speakers or moderators on multiple panels and plenary sessions, including the following: