• Fecha: 11 Jul 2011

• Ver archivos adjuntos

An investigation by Pro Acceso found a number of shortcomings in the monitoring and recording of personal data of citizens by government entities. Pro Acceso observes the compliance and non-compliance of the obligation that public and private institutions have to register information databases pertaining to the transfer of data to the Civil Register. Pro Acceso calls for more oversight over the registration of this information.

The State holds the personal data of more than 11 million people via social protection forms. The case is the same with the National Board of Student Aid and Scholarships and, to a lesser extent, with the other 109 public service institutions that handle the personal data of thousands of citizens. For purposes of a study entitled the "Protection of Personal Data in the Public Sector,” Pro Acceso asked these institutions what measures of treatment and control they utilize, what they do with the information, and whether the uses comply with Law 19.628 concerning the protection of personal information.

To conduct this study, Pro Acceso issued a series of inquiries to 166 agencies, state benefits and programs, of which 111 provided information. The results highlighted a number of practical concerns in the management of these information databases.

The study found that only 43% of the entities that claim to have personal databases complied with their duty to register with the Civil Registration Service. According to the study, the failure to register, among other things, makes it impossible to ascertain the institutions’ legal basis for the possession of personal information and purposes of possessing this information. Regarding the latter, only 2.7% of institutions surveyed reported having statistics on database usage, which shows the low level of information processing for the purposes of public policy development.

In addition, 48% of the consulted entities declared to have made transfers of personal data to other public and private institutions, in which only 43% declared to have authorization procedures for data transmission. As Pro Acceso explains, "this shows the need to observe the institutions in greater detail, in order to know if they meet all the legal requirements, and if eventually the information transfers to the private sector."

Concerning matters of security, the study indicates that only 21% of the entities that responded have security policies, and moreover, not all public institutions have a manager or department to ensure the security of information (73%). This absence could lead to a breach of confidentiality rules regarding electronic documents.

On the other hand, no less worthy of consideration, the Pro Acceso study had a high level of responsiveness and timeliness to the inquiries. However, the 25% of unanswered requests remains significantly high.