Two and a half years after the effective date of a law to protect personal data (Law No. 8,968), companies that manage information such as phone numbers, addresses, photographs, medical records and credit records are violating the law. To date no firms have registered with the Data Protection Agency (Prodhab), which is required for any agency, public or private that manages personal information. Companies that maintain data for their internal employee records are exempt. Custodians of customer data and credit reports, typically used for marketing purposes must register.
The law requires firms to ask for permission before collecting records of personal information. It’s also illegal for most entities to ask for information related to race, religious creed, sexual orientation, political preferences, or health. The law exempts government records with respect to national security, criminal investigations and statistical or historical purposes.
To date 33 people have filed complaints, mostly against credit bureau, asking them to amend personal information.