Privacy & Information Security Law Blog

On February 22, 2016, the Centre for Information Policy Leadership (“CIPL”), together with TRUSTe, the Information Accountability Foundation and Information Integrity Solutions, will co-host a workshop on Building a Dependable Framework for Privacy, Innovation and Cross-Border Data Flows in the Asia-Pacific Region in Lima, Peru. The workshop will be held in the margins of the upcoming meetings of the APEC Electronic Commerce Steering Group and its Data Privacy Subgroup in Lima from February 23-27, 2016.

On March 22, 2013, Peru issued the implementing regulations of its new data protection law. The Reglamento de la Ley No 29733, Ley de Protección de Datos Personales (“Regulations”) provide detailed rules on a variety of topics, including the following:

• Territorial scope;
• notice and consent;
• data transfers;
• processing of personal data relating to children and adolescents;
• data processing in the communications and telecommunications sectors;
• outsourcing;
• information security;
• data subjects’ rights;
• registration of databases;
• codes of conduct; and
• enforcement.

On September 22, 2012, the Peruvian Ministry of Justice and Human Rights issued a draft regulation to implement Peru’s new Personal Data Protection Law. The comment period expires on October 5, 2012; however, the U.S. Department of Commerce’s International Trade Administration has requested an extension to allow additional time for comments. The Centre for Information Policy Leadership at Hunton & Williams LLP is considering high-level comments on the draft regulation. It is thought that Peru may intend to issue the final regulation prior to the 34th International ...

The Department of Commerce released an English translation of Peru’s Law for Personal Data Protection (Ley de Protección de Datos Personales, Ley No. 29733).  The law passed Peru’s Congress on June 7, 2011, and was signed by the president July 2, 2011.  Peru’s adoption of this new law is in keeping with a recent trend in Latin America, where Uruguay, Mexico and Colombia also have passed privacy legislation.

As reported in BNA’s Privacy Law Watch, on July 2, 2011, Peruvian President Alan García signed the Personal Data Protection Law (Ley de Protección de Datos Personales, Ley No. 29733), making Peru the latest Latin American country to adopt EU-style omnibus privacy legislation.  Implementing rules for the new law are to be drafted in the next few months.

On June 7, 2011, the Congress of the Republic of Peru passed the Personal Data Protection Law (Ley de Protección de Datos Personales, Proyecto de Ley 4079/2009-PE).  If signed into law, the bill would make Peru the newest member of the group of Latin American countries with EU-style omnibus privacy legislation.  The broad-ranging legislation would do the following, among other things: