Privacy Advisor

Global Privacy Dispatches- Argentina and Latin America- DPA

November 1, 2008

By Pablo A. Palazzi

Data Protection Agency issues audit regulation

The Data Protection Agency (DPA) issued Disposition 5/2008 detailing the procedure to perform audits in data controller. The aim of Disposition 5/2008 is to regulate how audits take place and to describe audit stages. Under this new regulation, the data protection agency will send a note with a questionnaire to the company several days before the inspection. Later, the DPA could visit the premises, request access to the databases, and verify compliance with security regulations, registrations, and other requirements of the law.

Data Protection Guidelines for the public sector
The Data Protection Agency has approved, by Disposition 7/2008, the "Guidelines for good data protection practices in personal databases of the public sector." The guidelines explain the application of data protection rules in government databases. They also include a sample confidentiality agreement for the public sector, and the DPA explains the relationship between data protection law and freedom of information regulations.

Data Protection Agency postpones deadline for security measures

By Disposition 9/2008, the Data Protection Agency has postponed for a term of one year the deadline to implement medium and critical security measures under the data protection law and its regulations (Disposition 11/2006). Basic security measures were not postponed. In addition, the DPA enacted a document that can used as a template for implementing the Security and Privacy Policy.