Data Protection in Colombia

Breach notification in Colombia

In accordance with Chapter 2, Title V of the Sole Circular issued by the SIC, a data breach refers to the violation of security codes or to the loss and unauthorized access of data subjects’ information held in a database managed by data controllers or data processors.

Under section 17. and section 18. of Law 1581, both the data controller and the data processor have a duty to notify the authority (SIC) in case of a breach of security, security risk, or a risk for data administration. Such notification shall be made no later than fifteen (15) business days from the date on which the data breach was detected.

Lastly, the Colombian data protection regime does not provide a threshold for data breach notifications. Hence, if there is a violation to the security codes or a risk in the management of data subjects’ information, data controllers and data processors must notify the breach.

Continue reading

  • no results

Previous topic
Back to top