Protection of Personal Data in Chile is regulated by Law No. 19628 (1999) [Protección de la Vida Privada], and its most recent update, Law No. 19812 (2002). Law No. 19628 (Data Protection Law) protects individuals' personal data and all data found in commercial, financial, banking and criminal records. It is a crime to destroy, disable, intercept, or interfere with databases, and to illegally access, destroy or change information contained in these databases. Additionally, the law forbids the malicious disclosure or publication of data contained in information systems. A summary of Chile's Data Protection Law follows.
Chile's Data Protection Law applies to registers and databases held by government agencies and the private sector. It is divided into six titles: the first title covers the use of personal data; the second title covers the data subject's rights; title three regulates the use of commercial, financial, banking, and credit-related data; title four establishes the rules for the handling of personal data by government agencies; title five refers to sanctions for violation of the data protection laws; the final title refers to the use of health-related data by health institutions and pharmacies.
According to title I, personal data can only be collected when authorized by law or by the data subject, and the data collector must disclose the purpose of the collection and whether the information will be shared with third parties. The data subject may revoke this authorization in writing addressed to the data collector. No authorization is required for public information data used for marketing purposes; this includes the person's name, profession or activity, membership in a particular group, address, and date of birth. Likewise, no authorization is required when personal data is handled by private companies for their exclusive use and to render services, or for statistical or pricing purposes. Personal data can be held in electronic records and, in certain cases, provided to requesting third parties. These requests must be logged along with the following three items: (a) the requesting party's identification; (b) the reason and purpose for the request; and (c) the type of data transmitted. Personal data must be deleted or eliminated when it expires or when it is no longer legally required. Imprecise or uncertain personal data must be blocked, without the need for a request from the data subject. The law compels the data collector's employees to keep secret any personal data collected, both while they are working for the data collector and after they cease working for it.
Data subjects have the right to information about their personal data and to its modification, cancellation, or blocking; these rights are not negotiable. Article 16 regulates the process for requests for information held in public or private records. The data subject may request information from any agency or company holding personal data, except when disclosure of this data interferes with a public investigation, violates any other law, or threatens national security. If the data collector does not reply to these requests for information, the data subject may file a complaint before a civil court located in the data subject's domicile.
Collectors of commercial, financial, banking, and credit-related data can only disclose this data in the following cases: when it is included in promissory notes or bills of exchange; checks without sufficient funds or drawn on closed accounts; mortgage or loan delinquency cases; and any other case in which the government requires such disclosure. Public or private entities providing gas, electricity, water, and phone services, including Internet, cannot disclose personal information even in the case of delinquent accounts. Disclosures of commercial, financial, banking or credit-related information must be made within five years from the date the data subject becomes delinquent or fails to comply with its obligations; the law forbids disclosure of this type of information after the five-year period.
Criminal data or information regarding disciplinary or administrative sanctions cannot be disclosed after the statute of limitations for the respective crime or infraction expires, unless a court or tribunal requires this disclosure.
Regarding sanctions for data protection law violations, title six orders the infringer to pay for the economic and moral damages caused to the data subject, and to delete, modify or block, depending on the case, the data as required by the data subject or the civil court. Damages are to be set by the civil judge handling the case.
Martha L. Arias, Immigration and Internet Law Attorney, Miami; IBLS Director