Creation and Evolution of the Colombian DPA

Similar documents
A Best Practice Guide

THE CAPITAL MARKETS INSURANCE AND SAVINGS DIVISION Annual Report JERUSALEM, DECEMBER 2013

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

insurance bulletin unlicensed insurance in Canada

Privacy in the Cloud A Microsoft Perspective

The Announcement provides an overview of the IRS s use of private collection agencies (PCAs) in 2006

Privacy Bulletin. Key Differences between US and Canadian Anti-Spam Laws

Consultation on Canada's International Education Strategy

Five-Year Strategic Plan

Open Data & Libraries (in Canada)

MISSION: To ensure the protection and safety of navigation in Canadian waters.

GROUP POLICY MANUAL CODE OF CONDUCT AND ETHICS POLICY

Cloud Computing: Privacy and Other Risks

PIPEDA and Online Backup White Paper

Training Sessions for Clients. UNITED STATES CANADA MEXICO POLAND CHINA millercanfield.com

Eugene Low. Data breach notification in Hong Kong: Why is it important for companies?

Right to Financial Privacy Act

Municipal Code of the City of Battle Creek, Nebraska CHAPTER 2 COMMISSIONS AND BOARDS

The Canadian Public Venture Exchange S and E

Oran Home Care Support Service Care at Home Birkbrae Blebo Craigs Cupar KY15 5UG

B2B Business Relations and Consent Requirements under the New Canadian Anti-Spam Law

THE CRIMINAL JUSTICE RESPONSE TO CORRUPTION (IN THE CONTEXT OF NEPAL)

XANGATI END USER SOFTWARE LICENSE TERMS AND CONDITIONS

The Canadian Public Accountability Board ( CPAB ), based on its obligations and authority under Canadian federal and applicable provincial laws; and

South East Asia: Data Protection Update

Merchants and Trade - Act No 28/2001 on electronic signatures

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September Nashville Knoxville Memphis Washington, D.C.

Care service inspection report

The Other Side of CFPB Compliance

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

DEPARTMENT OF TAXATION AND FINANCE SECURITY OVER PERSONAL INFORMATION. Report 2007-S-77 OFFICE OF THE NEW YORK STATE COMPTROLLER

Maryland. Note: Current to March 19, 2015

DISCUSSION PAPER Occupational Health and Safety Administrative Penalties Review. Department of Labour and Advanced Education

IFIAR 2015 Member Profile - PCAOB

How To Protect Student Data In Wyoming

10. BUILDING AN EFFECTIVE ENFORCEMENT PROGRAM

Assist Members in developing their own national arrangements through being able to draw on and hence benefit from the experience of other members;

Philadelphia Board of Ethics Advice of Counsel GC

Safety Deposit Current Accounts Bill

Corporate Governance Code for Shareholding Companies Listed on the Amman Stock Exchange

The Law of the City of Moscow. No. 30 dated the 30 th of June On the Chamber of Control and Accounts of Moscow

APPENDIX FOR U.S. SECURITIES TRADING

INSIDER TRADING AND BLACKOUT POLICY

Guidelines for the use of electronic signature

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

Texas House Bill 300 & HIPAA. A MainNerve Whitepaper

Regulatory Impact Statement for Third Amendment to 11 NYCRR 136 (Insurance Regulation 85).

AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION

Navigating ISO 9001:2015

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

South Dakota Parental Rights and Procedural Safeguards

PUBLIC ADMINISTRATION AND PUBLIC POLICY Vol. II - Ethics in Public Organizations - Kathryn G. Denhardt

T H E G O V E R N M E N T

SAMPLE RETURN POLICY

Nuclear Regulatory Organization Changes in Korea

Registration and Regulation of Investment Advisers. Presented by Chris Salter

CHIEF OF INVESTIGATIONS

BEST CORPORATE PRACTICES IMPLEMENTATION REPORT ISSUER'S COMPANY NAME PRINCIPAL REGISTERED AGENT CARLOS ARTURO LONDOÑO GUTIÉRREZ

State of New York - Department of Law

4.01. Auto Insurance Regulatory Oversight. Chapter 4 Section. Background. Follow-up to VFM Section 3.01, 2011 Annual Report

Foreign Corrupt Practices Act Amendments 1

109TH CONGRESS 1ST SESSION. discourage spyware, and for other purposes. To amend title 18, United States Code, to AN ACT H. R. 744

DRAFT. Corporate Governance Principles for Caribbean Countries

COMPLAINTS IN RETIREMENT HOMES

Dedicated to Becoming an Even More Trustworthy Group

STATEMENT OF ANNE L. RICHARDS ACTING DEPUTY CHIEF OPERATING OFFICER DEPARTMENT OF HOMELAND SECURITY OFFICE OF INSPECTOR GENERAL BEFORE THE

EDUCATION AND CULTURE - REGULATION OF PRIVATE TRADE SCHOOLS

The False Claims Act: An Example of U.S. Whistleblower Laws

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02)

Internal Code of Conduct for Treasury Stock Transactions by CaixaBank S.A. and its Group of Companies

Substitute Senate Bill No Public Act No AN ACT CONCERNING EMPLOYEE ONLINE PRIVACY.

ASSEMBLY BILL No. 2036

Cloud Computing: Privacy & Jurisdiction from a Canadian Perspective

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Update on Company Law. Hong Kong Arts Administrators Association 10 th March :00pm 4:00pm

Evaluating Brazilian Electricity Regulation for Legitimacy, Independence and Accountability

This agreement applies to all users of Historica Canada websites and other social media tools ( social media tools or social media channels ).

SASKATCHEWAN INFORMATION AND PRIVACY COMMISSIONER REVIEW REPORT 024/2015. Financial and Consumer Affairs Authority

Personal Data (Privacy) Ordinance and Electronic Health Record Sharing System (Points to Note for Healthcare Providers and Healthcare Professionals)

***IMPORTANT INFORMATION***

Management Advisory Report: No Violations of the Fair Debt Collection Practices Act Resulted in Administrative or Civil Actions (Fiscal Year 2001)

Why Nonprofits Need Nonprofit Accounting Software

California Fish and Wildlife Strategic Vision Project Governance and Mission Working Group Issues Framework

Corporate Governance for Raising Corporate Value

Credit Information Business Act B.E. 2545

Big Data, Big Risk? Data Management and Privacy. Presented by: Timothy Banks, Heather Innes, and Colonel Vihar Joshi

How To Ensure That A Quality Control System Is Working Properly

SENATE STAFF ANALYSIS AND ECONOMIC IMPACT STATEMENT

TOWN OF COMOX BYLAW NO A BYLAW TO REGULATE THE DISCHARGE OF FIREWORKS IN THE TOWN OF COMOX

Application by Quebec Police Organizations:

How To Support The Justice System In Canada

INCORPORATING A COMPANY IN CAMBODIA

Guidance Note. on the. Use of Internet for Insurance Activities

CONTENT OF THE AUDIT LAW

Evidence-informed regulation The ACMA approach

HIPAA and Mental Health Privacy:

Privacy Policy. 30 January 2015

Complaint Investigations of Minnesota Health Care Facilities

Submission. Ministry of Economic Development. Draft Insolvency Law Reform Bill Discussion Document. to the. on the

Transcription:

Creation and Evolution of the Colombian DPA Copyright 2015 by Nymity Inc. All rights reserved. This document is provided as is without any express or implied warranty. This document does not constitute legal advice and if you require legal advice you should consult with an attorney. Forwarding this document outside your organization is prohibited. Reproduction or use of this document for commercial purposes requires the prior written permission of Nymity Inc.

Introducing A Data Privacy Research Company Supporting The Privacy Office Focus: Dedicated to global data privacy compliance research Established: 2002 Headquarters: Toronto, Canada Research: Inventor of several compliance methodologies & frameworks Funding: Partially funded by government R&D grants. Extensive range of global solutions and products Effectively communicate Privacy, increase efficiency and save time All solutions are based on ongoing, empirical research A dedicated research team provides up-to-date information, analysis and best practices Enables you to comply with confidence

Background: 1991-2008 Data protection included as fundamental right in Constitution Individual redress possible through constitutional protection actions (effective to address individual rights but no real deterrent for companies to shape up ) Wide body of jurisprudence at Constitutional Court level 2008-2012 Enactment of Credit Reporting Habeas Data Law Enforcement powers granted to the SIC and SF Enforcement conducted by ad-hoc groups within SIC and SF (Fines up to USD $350.000) 2012-2015 Enactment of General Data Protection Law (L.1581/12) Creation of Deputy Data Protection Superintendence within SIC (dedicated resources and personnel) Expanded enforcement powers granted to the SIC (Fines up to USD $425.000) + Educational mandate + Government advisory mandate + International Cooperation mandate

Choosing an Agency: Institutional challenges Under the institutional framework created by the 1991 Constitution, the incorporation of an Independent DPA involved a constitutional reform Existing human rights agencies (i.e. Defensoría del Pueblo offered challenges for efficient enforcement) Fiscal austerity prevented the creation of a single standing DPA Using a credited agency: SIC as DPA SIC had a long and proved history as consumer protection, patents and trademarks and competition agency L. 1266 assigned functions for credit reporting violations which gave a taste of its capacity as DPA Experience handling complaints and enforcement actions in consumer and competiton Good perception by the public as an efficient agency Back-office resources allowed to set up a special data protection unit without major costs

SIC as DPA: Operational basics Deputy Data Protection Superintendency of SIC created in December 2011 as part of an ongoing internal reorganization restructuring process that reinforced the whole entity Structure: incorporated as 1 of 6 Deputy Offices within SIC with dedicated staff of 12 pax Deputy Superintendents appointed by Superintendent of Industry and Commerce. No fixed term, freely removable. Superintendent of Industry and Commerce appointed and removed by the President. After OECD observations as part of the Colombian accession mission, a project to assign fixed 4 year terms is under evaluation Appeals guaranteed for investigations through a subdivision in two levels: Deputy Superintendent Investigations Director Mandatory claim review distributed through two units within the Direction of Investigations: (i) Habeas Data Unit and (ii) Investigations Unit Deputy Superintendence operations guaranteed through general budget allocated to the SIC

2015 figures: General Budget and investment SIC is funded by the General Treasury and by patent and trademark filing fees SIC doesn t eat what it kills Budget type Allocation (in USD) General (operational) $22.000.000 Investment $23.000.000 TOTAL $45.000.000 USD $254.000 assigned directly to DPA. Indirect benefits and impact from other investment allocations (i.e. technology update, citizen support systems, etc.) Staff DPA started operations in 2012 with dedicated staff of 12. For 2015 staff has raised to 33

Key mandates: Individual redress SIC has a mandate to address each individual claim received in the entity Review of claims impacts efficiency as a large percentage (i) have already been solved, (ii) are not within the SIC s mandates and/or (iii) are not material Handled mostly by Habeas Data Unit Supervision and control Instruction capabilities (i.e. credit reporting instructions, RNBD minimal information requirements, etc.) Order external audits Administrative police Conduct investigations Inspection visits

Operational results: 6000 Claims vs. Enforcement 5000 4889 5000 4000 3812 3000 2000 1987 2296 1000 654 1215 0 0 66 216 217 212 199 201 2009 2010 2011 2012 2013 2014 2015 Complaints Enforcement actions

Operational results: $1.200.000 $1.100.000 $1.000.000 $800.000 $780.000 $815.000 $600.000 $400.000 $486.000 $642.000 $200.000 $228.000 $0 2010 2011 2012 2013 2014 2015 Fines Total fines 2010 2015: USD$ 4.051.000. Estimate values

DPA s special projects, education and Public Policy work: Colombian Accountabilty Guidelines Launched in may 2015 to develop accountability principle included in 2013 secondary regulations Borrowed from Canadian and Hong Kong accountability guidelines. Input from Essential elements of Accountability (Galway Project) and Nymity s Privacy Management Framework. SISI and RNBD RNBD will launch 2015 as per legal mandate Integrated with SISI (supervision model based on RNBD input) Education, awareness and training 4000 people attended training events in 14 different cities 16 SIC MOVIL 3 Latin American conferences (2013, 2014, 2015) 2 Online courses for the general public Government agencies training and awareness program projected for 2016

Going forward SIC has positioned itself as a credited LatAm DPA which efficiently addresses the safeguard of the fundamental right to Data Protection. Guidance to stakeholders on how to implement and maintain an effective privacy program will be key to advance in the implementation of an accountability based approach and further the protection of individuals Announced advances towards independence in appointments will positively influence the DPA s role International cooperation will play an increasingly important role in the protection of individuals

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information