Jump to Navigation

Fall 2006-04 New DACO regulation on information security

newsletter header


Number 65
Fall 2006

New DACO regulation on information security

Infringement of information security is the subject of a new regulation promulgated by the Puerto Rico Department of Consumer Affairs (DACO)-Regulation Number 7207.

Data banks

It provides that entities that maintain data banks with information that include the names of persons and at least one of the other items listed below, must deliver certain notices whenever it discovers a security breach. The list of other items is the following:

  • Social Security number,
  • number of driver's license, electoral card or other official identification,
  • bank account number (whether or not protected by an access code),

user name and access code,

medical information protected by HIPAA,

tax information, or

work performance evaluation.

Exceptions

The regulation does not apply if the information in question is limited to mailing or residential addresses, or other data available to the general public. Also exempted are data banks protected by cryptographic code, as well as those not kept for commercial purposes.

Notices

If a breach in security happens, the entity keeping the information must notify the persons affected as soon as possible. It must also give notice to the entity from which it acquired the data, or who provides it access to the data.

The notice must be in writing and must contain certain information listed in the regulation.

Alternate notification

The regulation permits alternate means of notification, such as advertising in the press, if the cost of individual notifications exceeds $100,000, or if individual notifications are otherwise too onerous, given the number of persons involved, difficulty in locating them or the entity's economic condition.

Notice to DACO

In addition, the breach must be notified to DACO within ten days of its discovery. DACO, in turn, must make a public announcement, if notice to all persons affected was not possible.


© 2006 Goldman Antonetti & Cordova, LLC

Members Of: Interlaw International Lawyers Network
Employment Law Alliance Helping Employers Worldwide

Goldman Antonetti & Córdova is a member of the Employment Law Alliance, the leading international network of over 3,000 attorneys providing employment and labor expertise in more than 90 countries and all 50 U.S. states.