|Published (Last):||5 February 2019|
|PDF File Size:||17.67 Mb|
|ePub File Size:||8.38 Mb|
|Price:||Free* [*Free Regsitration Required]|
Always consult the official source when making use of legal information. This law aims to develop the constitutional right of all people to know, update and rectify information gathered about them in databases, and other rights, freedoms and constitutional guarantees related to the collection, treatment and movement of personal that Article 15 of the Constitution refers to data and the right to information provided for in Article 20 of the Constitution, particularly in relation to the financial and credit, business information, services and from third countries.
This law applies to all personal information data recorded in a database, whether managed by public entities or private nature. This law shall apply without prejudice to special rules providing confidentiality or reserve certain data or information recorded in databases of public nature, for statistical purposes, research or punishment of offenses or to ensure public order.
Exceptions to this law databases that are intended to produce intelligence of State by the Administrative Department of Security, DAS, and the security forces to ensure internal and external national security. Public records by chambers of commerce shall be governed solely by the rules and principles enshrined in the special rules that regulate them.
Also excluded from the application of this law those data maintained in an exclusively personal or domestic sphere and those circulating internally, that is not supplied to other legal or natural persons.
For the purposes of this law, it is understood by: a Holder information. It is the natural or legal person to whom the information lies in a database and subject of the right of habeas data and other rights and guarantees referred to in this law refers; B Source of information.
Is the person, entity or organization that receives or know personal details of the holders of information, under a business relationship or service or any other and that due legal authorization or the holder, provided such data an operator of information, which in turn deliver to the end user. If the source delivers information directly to users rather than through an operator, that will have the dual role of source and operator and assume the duties and responsibilities of both.
The source of information is responsible for the quality of the data supplied to the operator which, in terms of access and provide personal information to third parties, is subject to compliance with the duties and responsibilities envisaged to ensure the protection of the rights of the holder of the data; C Operator information. It is called operator information to the person, entity or organization receiving the personal data source on several holders of information, manages and informs users under the parameters of this law.
Therefore the operator, as has access to personal information to third parties, is subject to compliance with the duties and responsibilities provided to ensure the protection of the rights of the owner of the data.
Unless the operator is the same source of information, this has no business relationship or service with the owner and therefore is not responsible for the quality of the data that are provided by the source; Effective Jurisprudence D User. The user is the natural or legal person who, under the terms and conditions provided in this law, can access personal information from one or more holders of the information provided by the operator or by the source, or directly by the holder information.
The user, as has access to personal information to third parties, is subject to compliance with the duties and intended to ensure the protection of the rights of the data subject responsibilities. In the case where the user in turn deliver information directly to an operator, that will have the dual status of user and source, and assume the duties and responsibilities of both; E Data staff. It is any piece of information related to one or more specific or identifiable persons or that may be associated with a natural or legal person.
Impersonal data to the data protection regime of this law is not subject. When referring to data is made in this law, it is presumed that it is personal use. Personal data may be public, semi-private or private; F Public Data. It is qualified as such by the mandates of the law or the Constitution and those who are not semiprivate or private, in accordance with this Act data.
They are public, among others, the data contained in public documents, duly executory judgments which are not subject to reserve and those relating to civil status of persons; G Data semiprivate. Is semiprivate the data that has intimate nature, reserved, not public and whose knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of persons or society in general, such as financial data and credit commercial activity or services referred to in Title IV of this law.
H Private Data. It is the fact that by their intimate or confidential nature is only relevant to the owner. I Commercial Information Agency. It's all legally incorporated company that has as its principal activity is the collection, validation and processing of business information on companies and traders specifically requested by their customers, meaning commercial information that historical and current information on the, asset, financial market situation, administrative, operational, compliance and other relevant obligations to analyze the overall situation of a company information.
For the purposes of this law, commercial information agencies are operators of information and information sources. CLAUSE: numerals 2 and 6 of Article 8, Article 12 and Article A commercial information agencies, as well as their sources or users, as applicable, the following provisions of this Act shall not apply.
For all purposes of this Act shall mean financial, credit, business information, services and from third countries, that referred to the birth, execution and termination of financial obligations, regardless of the nature of the contract that they originally.
In the development, interpretation and application of this law, be taken into account, harmonic and integral way, the principles set forth below: a Principle of accuracy or quality of the records or data. The information contained in the databases must be truthful, complete, accurate, current, verifiable and understandable.
The administration of personal data must obey a legitimate purpose in accordance with the Constitution and the law. The aim should be informed to the holder of the prior information or concomitantly with the granting of authorization, when it is necessary or generally whenever the holder requests information; C Principle of restricted circulation. The administration of personal data is subject to limits deriving from the nature of the data, the provisions of this law and the principles of management of personal data especially the early timing of the information and the purpose of databank.
Personal data, except public information may not be accessible by Internet or other means of disclosure or mass, unless access is technically controllable to provide knowledge restricted only to holders or authorized users under communication this law; D Principle of timeliness of information. Cardholder information can not be provided to users or third parties when they stop serving for the purpose of the database; E Principle of comprehensive interpretation of constitutional rights.
This law is interpreted that constitutional rights are adequately protected thereby, such as habeas data, the right to good name, the right to dignity, the right to privacy and the right to information. Rights holders be interpreted in harmony and balance in a plane with the right to information under Article 20 of the Constitution and other constitutional duties; F Principle of security.
The information that forms the constituent individual records databanks that the law refers to, as well as from consultations make it their users, should be handled with the technical measures necessary to ensure the safety of records avoiding adulteration, loss, consult or unauthorized use; G Principle of confidentiality.
All natural or legal persons involved in the administration of personal data that do not have the nature of public are required at all times to ensure the confidentiality of information, even after the end of their relationship with one of the tasks comprising administering data can only perform supply or data communication when this is the development of the activities authorized under this Act and the terms of it.
Personal information collected or provided information in accordance with the provisions of the law operators that is part of the database it manages, may be delivered orally, written, or made available to the following persons and in the following terms: a holders, to persons duly authorized by them and their successors through the consultation procedure provided for in this law.
B Users of information, within the parameters of this law. C Any judicial authority, prior court order. D public bodies of executive power, when knowledge of this information corresponds directly to the performance of any of its functions. Effective Jurisprudence Matches E A supervisory bodies and other dependencies of disciplinary investigation, fiscal, or administrative, when the information is needed for the development of an ongoing investigation.
F other data operators when the holder has permission or when without the authorization of the owner the target database has the same purpose or a purpose to understand which is the operator be required delivery the data. If the recipient of the information regardless of bank foreign data delivery without the authorization may only be made leaving a written record of delivering information and after verification by the operator that the laws of the respective country or receiver provide guarantees sufficient for the protection of the rights of the holder.
G other persons authorized by law. Holders have the following rights: 1. Faced with operators databanks: 1. Public information management does not require authorization of the data, but is subject to compliance with the principles of management of personal data and the other provisions of this law. Administration semiprivate and private data requires the express prior consent of the data, except in the case of financial, credit, commercial data, and services from third countries which does not require authorization of the owner.
In any case, the administration of semi-private and private data is subject to compliance with the principles of management of personal data and the other provisions of this law. Faced with the sources of information: 2. Effective Jurisprudence 2. Facing users: 3. Holders of financial and credit information additionally have the following rights: may appeal to the supervisory authority for complaints against the sources, operators or users for violation of the rules on administration of financial and credit information.
Likewise, they may appeal to the supervisory authority to pretend that an operator or source order the correction or updating their personal data, where this is appropriate under the provisions of this law. Without prejudice to compliance with other provisions of this Act and other governing their activity, operators databanks are required to: 1. Ensure at all times the owner of the information, the full and effective exercise of the right of habeas data and petition, that is, the possibility of knowing the information about it exists or rest in the database, and request the update or correction of data, all of which will be done through consultation mechanisms or claims, under the provisions of this law.
Ensure that the collection, processing and circulation of data, other rights enshrined in the law will be respected. Allow access to information only to persons who, in accordance with the provisions of this law, can have access to it.
Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, especially, for answering inquiries and complaints from the headlines. Apply for certification to the source of the existence of the authorization granted by the holder, when such authorization is required, under the provisions of this law.
Keep with due assurances records stored to prevent deterioration, loss, alteration, unauthorized or fraudulent use. Make regular and timely update and correct data whenever you report news sources, under the terms of this law.
Handle requests, inquiries and complaints made by the holders of information, under the terms stated in this law. Indicate in the respective individual record that certain information is under discussion by the holder when submitting the request for correction or updating it and not yet completed this process, in the way it is regulated by this law.
Circulate information to users within the parameters of this law. Comply with the instructions and requirements that impart the supervisory authority regarding compliance with this law. Others arising from the Constitution or this Act. Effective Jurisprudence Matches Article 8. Sources of information must comply with the following obligations, without prejudice to compliance with other provisions of this Act and other governing their activity: 1.
Ensure that information that operators databanks or users is truthful, complete, accurate, current and verifiable is supplied. Report, on a regular and timely to the operator, all the news in the data previously supplied him and take other necessary steps for the information provided this is kept current measures.
Rectify incorrect information when and inform the relevant operators. Design and implement effective mechanisms to timely report the information to the operator. Apply, where the case, and keep a copy or evidence of the respective authorization granted by the holders of information, and make sure not to provide operators no information whose supply is not previously authorized, when such authorization is required, in accordance with the provisions of this law.
Certify, semiannually to the operator that the information provided is authorized in accordance with the provisions of this law. Resolve complaints and petitions holder in the way it is regulated by this law. Inform the operator that certain information is under discussion by the owner, when he submitted the request for correction or updating it, so that the operator included in the data bank a mention in this regard until that procedure is completed. Comply with the instructions issued by the supervisory authority regarding compliance with this law.
Effective Jurisprudence Matches Article 9. Without prejudice to compliance with the provisions of this Act and other governing their activity, information users should: 1.
Save on the information supplied to them by operators of databanks, by sources or holders of information and use the information only for the purposes for which it was delivered, under the terms of this law.
Inform holders at their request, on the use that is giving information. Keep with the appropriate security information received to prevent deterioration, loss, alteration, unauthorized or fraudulent use. Comply with the instructions given by the supervisory authority regarding compliance with this law. Management activity of financial, credit, business information, services and from third countries is directly related and promotes an activity of public interest, as is proper financial activity, as helping the democratization of credit, promotes development of credit activity, the protection of public confidence in the financial system and the stability thereof, and generates other benefits for the national economy and especially for financial, credit, commercial and service activity in the country.
Management of financial, credit, business information, services and from third countries by sources, users and operators must be made so as to allow further the goals of expansion and democratization of credit. Users of this information should assess this information concurrently with other factors or evidence that technically affect the risk assessment and credit analysis, and not be based solely on the information relating to the breach of obligations provided by operators to take decisions against credit applications.
The Financial Superintendence of Colombia may impose sanctions under this law to users of the information to deny a loan application based solely on the report negative information from the applicant.
LEY DE HABEAS DATA 1266 DE 2008 PDF
Have ideas? Need advice? Subscribe to the Privacy List. Looking for a new challenge, or need to hire your next privacy pro? Turn any screen into a virtual classroom with real-time instruction from expert IAPP faculty - no travel necessary. Do your policies and procedures comply with the GDPR?
Por violación de datos multan a Avantel, Comcel y Directv