The obligation to report incidents or attacks to the future National Cybersecurity Agency highlights the need for effective public-private collaboration to ensure an effective response to any incident.
On March 26, the Cybersecurity Framework Law was promulgated, an initiative that creates a National Cybersecurity Agency (ANCI), which will have the purpose of regulating, supervising and sanctioning all public and private organizations that provide essential services and that are subject to to this regulation.
For the purposes of this law, essential services are those that are fundamental for the functioning of the country and the quality of life of society. The following sectors are included within this regulation:
- Electrical generation, transmission or distribution.
- Transportation, storage or distribution of fuels.
- Supply of drinking water or sanitation.
- Telecommunications and digital infrastructure.
- Digital services and information technology managed by third parties.
- Land, air, rail or sea transportation.
- Banks, financial services and means of payment.
- Administration of social security benefits.
- Postal and courier services.
- Institutional provision of health services.
- Production and/or research of pharmaceutical products.
This standard establishes a minimum compliance standard, requiring companies to adopt better tools to protect the rights of people in cyberspace, as well as to avoid the commission of crimes related to identity theft and other computer crimes, such as access illegal activity, sabotage, interception of services and other attacks that compromise security in the digital environment.
The supervisory work of the ANCI also implies sanctioning powers, being able to impose fines that could reach 40,000 UTM, that is, close to $2.6 billion pesos.
This Agency will dictate norms, protocols and minimum standards that must be considered by the subjects bound by this law in order to prevent, report and resolve cybersecurity incidents and attacks through computer means.
The promulgation of this new law turns out to be an important step in the construction of comprehensive national legislation on cybersecurity, and is inserted within a regulatory framework that, in general terms, seeks to guide public and private organizations to improve standards of security in an increasingly globalized and connected world.
For more information, please contact our Compliance and IP team, Tech and Data:
Eugenio Gormáz | Partner | egormaz@az.cl
Francisca Franzani | Compliance Group Director | ffranzani@az.cl
Antonia Nudman | Senior Associate | anudman@az.cl
Jaime Viveros | Associate | jviveros@az.cl
Be part of our multimedia platform and receive the latest legal news, events, podcastsand webinars.