On March 22, Congress sent to the Executive the bill on computer crimes, which defines eight new criminal offenses, repealing the old law that governed this matter and adapting the regulations to the provisions of the Budapest Convention.
The new norm -which will come into effect once the law is enacted and published- penalizes various conducts, updating our regulations to the current reality and at the same time establishing the criminal liability of the legal person when these crimes are committed within an organization. that it has not implemented adequate models for the prevention of these crimes.
Indeed, the old Law No. 19,223, which has been in force since 1993, typifies criminal figures related to computing. it sanctioned only four types of conduct (computer sabotage, computer espionage, the disclosure and alteration of data) and was manifestly outdated. Thus, this new regulation covers these facts from a more adequate perspective, considering the advancement of technology and the possibilities of criminal behavior related to information technology.
In this sense, the penalty for computer fraud stands out in the first place, one of the most anticipated figures by legal operators to sanction scams committed through computerized means, such as fraud at bank tellers. In turn, improper access to computer systems and the receipt of computer data is sanctioned, this being one of the newest crimes, which punishes those who market, transfer or store computer data obtained through the commission of access crimes. illicit, interception or computer forgery.Additionally, computer forgery is typified, which includes the malicious introduction, alteration, deletion or suppression that generates inauthentic data with the purpose of making them pass as “authentic or reliable” by a third party. Another of the new crimes is illegal interception, which penalizes anyone who improperly intercepts, interrupts or interferes with non-public transmission between computer systems.
For its part, the abuse of devices punishes the facilitator of technological means and computer tools that are suitable for committing the crimes of attacks on systems and data, illegal access and computer interception, as well as for the perpetration of conduct. Finally, the attack on the integrity of a computer system and the attack on the integrity of computer data are penalized.
One of the controversial aspects of the bill was the restriction imposed on ethical hacking, since the crime of improper access was typified in a general way, allowing the violation of computer systems only with the authorization of its owner. Thus, unauthorized access, even when performed for the ethical purpose of identifying failures in computer systems and reporting them to the owner for repair, constitutes conduct sanctioned by the legislator.
In consideration of this new regulation, it is recommended that companies carry out a risk assessment and adapt their crime prevention model in order to implement the appropriate mitigation measures to reduce the risk of committing these acts within them.
For more information and advice on the adaptation of crime prevention models for the incorporation of these new legal risks, you can contact:
Jaime Winter | Director Criminal Litigation Group | jwinter@az.cl
Eduardo Anguita | Corporate Group Director | eanguita@az.cl
Sofia Reizin | Associate | sreizin@az.cl
Florence Fuentealba | Associate | ffuentealba@az.cl