Argentina – Security Recommendations for Data Protection
On July 25th 2018 the Official Gazette published Resolution N° 47 issued by the Agency of Access to Public Information (AAIP), which approved new security measures for the protection of the confidentiality and integrity of the information that contains personal data during the whole process, from its recollection to its destruction.
This Resolution considered not only the development of technology and internet, but also social networks, instant messages services and e-commerce which continuously threaten the security, integrity and confidentiality of the information that contains personal data.
The regulations cover the treatment of data both in computerised and non-computerised media and include, among others, issues regarding:
- The process of integrity and confidentiality during the data recollection procedure;
- Specific security measures to guarantee an effective control of access.
- The usage of secure destruction methods applying an efficient control.
- The procedures in the presence of security incidents.
- Backup processes that may allow a correct recover in case of an incident that may block the access to the information originally stored.
- The implementation of revision processes that may allow to identify, analyse, assess and correct all possible vulnerabilities of computerised systems that deal with information.
- Development environments.
Despite the fact that these features are not compulsory for the responsible persons and users of files, records, database and databank, but rather recommendations that expect to adapt the practices to the new legal requirements, it is worth mentioning that Act 25.326 already includes certain duties that are assumed by people in charge of data treatment.
Likewise, we consider that these new recommendations are another step in the search of optimising local regulations for adapting them to changes not only in terms of technology but also with respect to the current global standards, among them, the new General Data Protection Regulation (GDPR) in force from May 25th 2018.
The annexes with all the AAIP recommendations can be found below.