The Superintendency of Industry and Commerce (‘SIC’) Colombia’s data protection agency, launched its Colombian Accountability Guidelines (the ‘Guidelines’). The first document of its kind in South America, the Guidelines are aimed at helping companies understand and implement Colombia’s Data Protection Regulation implemented in 2012, and reinforced by an additional regulation in 2013.

The advice mainly deals with the Colombian concept of ‘demonstrable responsibility’. This concept is akin to accountability and requires data controllers to be able to demonstrate that they have implemented appropriate measures to comply with Colombia’s data protection law, including by providing a description of the internal security procedures they have introduced and how the processed data is relevant to individuals. This concept has not been without critics, however, who raised concerns about how to comply and lead organisations to seek further guidance.
Continue Reading Colombia issues Accountability Guidelines to promote data protection compliance

MEXICO: New Privacy Notice Guidelines were introduced April 17, 2013, specifying the format and contents of privacy notices required for the direct or automated collection of personal data.

The Guidelines seek to enable data subjects to make free and informed choices, by ensuring that they are given information and an opportunity to consent and

This post was written by Cynthia O’Donoghue.

On October 17, 2012, Colombia enacted a new Data Protection Law which will regulate data collection and processing of personal data both within the Colombian territory and extraterritorially.

The law generally follows the EU approach including, amongst other provisions, cross-border data transfer restrictions where the destination country’s