DLA Piper Intelligence

Data Protection
Laws of the World

Law

Honduras
Honduras

Personal Data Protection is regulated mainly in:

  • National Constitution: Article 182 provides the constitutional protection of Habeas Data, giving individuals the right 'to access any file or record, private or public, electronic or hand written, that contains information which may produce damage to personal honour and family privacy. It is also a method to prevent the transmission or disclosure of such data, rectify inaccurate or misleading data, update data, require confidentiality and to eliminate false information. This guarantee does not affect the secrecy of journalistic sources.'

  • Law of the Civil Registry (Article 109, Decree 62-2004). This Law refers only to public personal information that is contained in the archives of the Civil Registry.

  • Law for Transparency and for Access to Public Information (Article 3.5, Decree 170-2006). This law enables the access of any person to all the information contained in public entities, except that which is classified as 'Confidential.' It also extends the Constitutional Protection of Habeas Data and forbids the transmission of personal information that may cause any kind of discrimination or any moral or economic damage to people.

  • Rulings on the Law for Transparency and for Access to Public Information (Article 42, Accord 001-2008). Provide a definition of databases containing personal confidential information, and requires data subject consent, prior to the use of it by any third party.

In addition, a Law for Data Privacy Protection and Habeas Data is being discussed in the Honduran Congress. It is expected to be approved during the first congressional session of 2015.

Last modified 24 Jan 2017
Law
Honduras

Personal Data Protection is regulated mainly in:

  • National Constitution: Article 182 provides the constitutional protection of Habeas Data, giving individuals the right 'to access any file or record, private or public, electronic or hand written, that contains information which may produce damage to personal honour and family privacy. It is also a method to prevent the transmission or disclosure of such data, rectify inaccurate or misleading data, update data, require confidentiality and to eliminate false information. This guarantee does not affect the secrecy of journalistic sources.'

  • Law of the Civil Registry (Article 109, Decree 62-2004). This Law refers only to public personal information that is contained in the archives of the Civil Registry.

  • Law for Transparency and for Access to Public Information (Article 3.5, Decree 170-2006). This law enables the access of any person to all the information contained in public entities, except that which is classified as 'Confidential.' It also extends the Constitutional Protection of Habeas Data and forbids the transmission of personal information that may cause any kind of discrimination or any moral or economic damage to people.

  • Rulings on the Law for Transparency and for Access to Public Information (Article 42, Accord 001-2008). Provide a definition of databases containing personal confidential information, and requires data subject consent, prior to the use of it by any third party.

In addition, a Law for Data Privacy Protection and Habeas Data is being discussed in the Honduran Congress. It is expected to be approved during the first congressional session of 2015.

Last modified 24 Jan 2017
Definitions

Definition of personal data

‘Public Personal Data’ under the Law of the Civil Registry is: ‘Public Data’ whose disclosure is not restricted in any way, and includes the following:

  • names and surnames
  • ID number
  • date of birth and date of death
  • gender
  • domicile (but not address)
  • job or occupation
  • nationality, and
  • civil status

Definition of sensitive personal data

‘Sensitive Personal Data’ in the Law for Transparency and for Access to Public Information is defined as: ‘Those personal data relating to ethnic or racial origin, physical, moral or emotional characteristics, home address, telephone number, personal electronic address, political participation and ideology, religious or philosophical beliefs, health, physical or mental status, personal and familiar heritage and any other information related to the honour, personal or family privacy, and self-image.’

Other Definitions:

  • Consent: Written and express authorisation of the person to whom the personal data refers in order to disclose, distribute, commercialise, and/or use it in a different way as it was originally given for.
     
  • Confidential Information: Information provided by particular persons to the Government which is declared confidential by any law, including sealed bids for public tenders.
     
  • Classified Information: Public information classified as that by the law, and/or by resolutions issued by governmental institutions.
Last modified 24 Jan 2017
Authority

Two entities are responsible for enforcing personal data protection:

  1. National Civil Registry
    http://www.rnp.hn

  2. Institute for the Access to Public Information
    http://www.iaip.gob.hn
Last modified 24 Jan 2017
Registration

Only ‘Obligated Entities’ must inform the Institute for the Access to Public Information of their databases. Obligated Entities are:

  • government institutions
  • NGO’s
  • entities that receive public funds, and
  • trade unions with tax exemptions

The Institute for the Access to Public Information will maintain a list of the databases of the above-mentioned entities.

Last modified 24 Jan 2017
Data Protection Officers

Only Obligated Entities must appoint a data protection officer.

Last modified 24 Jan 2017
Collection & Processing

Individuals, companies, and/or Obligated Entities that collect personal data may not use sensitive personal data or confidential information without the consent of the person to whom such information relates.

However, consent is not required to use or transfer personal data in the following cases:

  • if the information is used for statistical or scientific needs, but only if the personal data is provided in a way that it cannot be associated with the individual to whom it relates
     
  • if the information is transmitted between Obligated Entities, only if the data is used in furtherance of the authorised functions of those entities
     
  • If ordered by a Court
     
  • If the data is needed for the purpose it was provided to the individual or company to perform a service. Such third parties may not use personal information for purposes other than those for which it was transferred to them, and
     
  • In other cases established by law.
Last modified 24 Jan 2017
Transfer

Individuals and/or companies may not transfer, commercialise, sell, distribute or provide access to personal data contained in databases developed in the course of their job, except with the express and direct written consent of the person to whom that data refers, subject to the exceptions set forth above.

Last modified 24 Jan 2017
Security

The Institute for the Access to Public Information has the authority to enforce all Obligated Entities to take necessary security measures for the protection of the personal data they collect and/or use.

The Law neither clarifies nor specifically identifies the security policies or security mechanisms that Obligated Entities must comply with.

As a general statement, the Institute for the Access to Public Information has to ensure the security of all Public Information, of all information classified as confidential by public entities, of all sensitive personal data, and of all information to which the Law gives a secrecy status.

Last modified 24 Jan 2017
Breach Notification

Breach notification is not required.

Last modified 24 Jan 2017
Enforcement

The Institute for the Access to Public Information may receive complaints of abuses regarding the collection of personal or confidential data.

The Institute will impose corrective measures and establish recommendations for those persons or companies who disclose personal data, Sensitive Personal Data or confidential data without authorisation.

Last modified 24 Jan 2017
Electronic Marketing

There is no law or regulation that specifically regulates electronic marketing.

Last modified 24 Jan 2017
Online Privacy

There is no law or regulation that specifically regulates online privacy.

Last modified 24 Jan 2017
Contacts
Julio Alejandro Pohl Garcia Prieto
Julio Alejandro Pohl Garcia Prieto
Associate
T +504 2238-2455
Last modified 24 Jan 2017