Law No. 172-13 on Comprehensive Protection of Personal Data
Read the PDF: Law No. 172-13 on Comprehensive Protection of Personal Data
Law No. 172-13 on comprehensive protection of personal data
TABLE OF CONTENTS
I. GENERAL SCOPE OF THE LAW
II. SUPERVISORY BODY
III. CREDIT INFORMATION COMPANIES
IV. JUDICIAL PROCEEDINGS
V. HABEAS DATA
VI. DISCIPLINARY PROCEDURE
I. GENERAL SCOPE OF THE LAW
Law 172-13 (the “Law”) aims to establish the legal framework applicable to the comprehensive protection of sensitive data, as well as regulate the constitution, organization, activities, operation and termination of the Credit Information Companies (as its acronym in Spanish “SIC”), and the provision of credit reference services, the provision of information in the market, ensuring respect for the privacy and the rights of holders promoting the veracity, accuracy, effective update, confidentiality and the proper use of such information. This Law has a character of public order and application throughout the national territory.
Within its scope, the Law provides which are the cases where it will not be applied. In this sense, we can highlight that it shall not apply (i) in the personal records maintained by individuals in the course of a purely personal or domestic activity; (ii) in the personal data files established by research organizations and intelligence of the Dominican Republic responsible for the prevention, prosecution and punishment of crimes and offenses; (iii) in the records of personal data concerning deceased people; (iv) the processing of data relating to legal persons, or personal data files which merely incorporate data of individuals who provide those services, consisting of their names and surnames, functions or position held, as well as the postal or electronic address, phone and fax number, and other exceptions.
An important aspect is reflected in the general principles of that Law which provides that the processing and transfer of personal data is deemed unlawful when the owner of the data has not given their free, explicit and conscious consent in writing form or by any other means to equate to it, according to the circumstances. Such consent, provided with other statements, must appear explicitly and prominently, after notifying the required data. In view of the foregoing, when financial entities, operators and other natural or legal persons who have engaged the services of information with the SIC, before applying for and obtaining a credit report, they must collect the holder’s Data consent in written form, indicating that the permit holder authorizes data that can be consulted in the database of the Credit Information Companies. Permit holders of the information must be kept for contracting users for a period of six (06) months.
Shall not require the consent for the treatment and the transfer of data when:
1. Obtained from publicly available sources;
2. They are collected for the exercise of functions of the Powers of the State or under a liability;
3. In the case of lists for marketing, whose data are limited to name, identity, passport, tax ID and other biographical information;
4. Arising from a relationship trade, employment or contractual, scientific or professional with the individual, and deemed necessary for their development or implementation;
5. In the case of personal data received from clients in relation to operations that perform financial intermediation institutions regulated by monetary and financial law and economic agents, credit information, and societies of entities that develop tools of credit scores for the evaluation of the irrigation of the debtors of the financial and commercial system national;
6. As disposed by the law;
7. It takes place between units of the State organs directly, to the extent of compliance with their respective powers;
8. In the case of personal data relating to health, and is necessary for reasons of public health, emergency, or to carry out epidemiological studies, and to preserve the secrecy of the identity of the holder of the data through mechanisms of dissociation;
9. In the case that a procedure of dissociation of information so that data subjects are not identifiable.
Data subjects have the right to request the SIC their credit history or credit report for free four (04) times per year, at intervals not exceeding three (3) months, unless a legitimate interest is demonstrated. The credit history or personal credit report can be viewed at the offices of the SIC; optionally, the data holder may request secure access through a platform via Internet. The SIC will have a term of f ive (05) working days from the date of the request to deliver a report in a clear, complete and accessible manner. We also want to emphasize that everyone has the right to be rectified, updated, and, where appropriate, deleted, personal data that holds and which are included in a database. This procedure is duly embodied in the Law.
II. SUPERVISORY BODY
The Superintendence of Banks is the body responsible for inspecting and monitoring the proper management of files, records or banks compiled with public or private data, aimed at providing credit reports.
Also, this is the agency responsible for granting authorizations to operate as a SIC. Once submitted the application, the Superintendence of Banks will evaluate it and will process it together with the Monetary Board.
A restriction specified in the Law is that no representative of the financial intermediaries may be appointed as a director or general manager director of SIC; also, none of the financial intermediaries can be a shareholder of an SIC, or acquire investment instruments.
III. CREDIT INFORMATION COMPANIES
The 172-13 Law regulates the constitution, organization, activities, functioning and extinction of the SIC in the Dominican Republic, as well as the provision of services of credit references and the provision of such information in the market.
In order to operate in the country, all SIC must obtain authorization by the Monetary Board, while processing their application through the Superintendence of Banks.
As such, they shall be subject to inspection and surveillance of the Superintendence as a supervising body. In regard to the databases of the SIC, they are integrated with the information provided directly by the contributors of data on credit operations and other similar nature of the latter have with their clients.
A contributor data is potentially any operator who contracts the data owner. Both the SIC and its contributors data are subject to strict confidentiality and although two SIC may agree with another to exchange the information in their databases, they shall not grant or transfer, in whole or in part , the information supplied by a contributor data for use by another contributor data, user, subscriber or member, or a third party.
They may not make lists of debtors or select consumers, provided that such prospect lists have not been previously developed and delivered to the SIC by their own subscribers or members, for the purposes of making queries in batches.
The SIC sole function is to provide data on economic and financial nature, but are forbidden to gather, collect, store, update, record, organize, develop, select, compare, interconnect in its database, and generally, used in a credit report, or any other format or medium, information holders specified below:
• Balances and account movements.
• Balances and movements of savings accounts.
• Certificates of deposits, of any nature, of a holder of data in banking or financial institutions.
• Commercial papers owned by the owners of the data.
• Information concerning moral or emotional characteristics of an individual.
• Information related to facts or circumstances of the affective life of individuals.
• Ideologies and political opinions.
• Beliefs or religious convictions.
• Information on the physical or psychological health States.
• Information on the conduct, preference, or sexual orientation.
• Information on the insolvency or bankruptcy of the holder of information, until after forty-eight (48) months since rose the State of insolvency or declared bankruptcy.
It is forbidden to the SIC publish in reports of a guarantor or guarantor information of holders of information, in such a way that the default of the debtor does not prejudice the guarantor or the guarantor’s credit status, or negatively affects the credit score or credit of this score.
Likewise, if a holder of information pays all of a credit that has been deemed as bad or any type of legal status and is closed or cancelled definitively, the contributor of data must be reported to the SIC information concerning the cancellation of the claim, in such a way that after twelve (12) months from the date of cancellation the SIC not published in such credit history legends: “Legal” or “Incobrable”, however that your credit score can be seen affected.
IV. JUDICIAL PROCEEDINGS
Any person may bring an action to know of the existence and access data that it contained in records of public or private databases, and in the event of discrimination, inaccuracy or error, demand suspension, rectify and update those. This action may be brought after the expiry of the maximum period of ten (10) days, the database representative responsible for not having the requirement. In cases of assignment or transfer of data, the responsible for or the user of the data bank must notify the rectification or suppression the assignee within five (05) days of carried out the treatment of the data. Moreover, in terms of suppression, we want to stress that it does not come when it could cause harm to rights or legitimate interests of third parties or when there is an obligation contractual or legal preserve data. In the case of deceased people, the exercise of the right conferred by the Law will be up to his successors.
Notably, the database user must provide the information requested by the owner of the data within five (05) business days after personally making such a request, or by act of sheriff. After the period expires without the request is satisfied, the owner of the data may take legal action before a Court of First Instance to hear of the existence and access to the data it contained in records or public banks or private information.
Data holders shall have the right to request from credit information society your credit history or credit report. This right will be exercised free of charge four (4) times per year and at intervals of not less than three (3) months, except that proves a legitimate interest to the effect.
V. HABEAS DATA
This action may be brought by any interested party in accordance with the Constitution and the laws that govern the matter.
This lawsuit will proceed to take knowledge of the existence of personal data stored in files, records in public or private databases derived from a trade, business or contractual relationship with a public or private entity; or simply, to take knowledge of the personal data which is presumed that there are stored in files, records or public or private databases. During this process the registry or database, must settle or publish reports that the challenged information is subject to a process judicial or challenge of habeas data.
VI. DISCIPLINARY PROCEDURE
In a general sense, anyone who, as a consequence of the breach of provisions in the Law 173-12 suffer damages, have the right to be indemnified under the common law, however, there are some assumptions that give rise to civil or criminal offences which may be guilty as anyone as the SIC, leaving the latter subject to the administrative control of the Superintendence of Banks.
a) Civil Infractions
The following are considered civil infractions:
1. Refuse, without basis, an application by a holder of data, to review, correct or cancel personal data.
2. Refusing to modify or cancel the information of a holder of information, once it has obtained a favorable ruling in a procedure followed in accordance with the provisions of the present Law. Disregard in a serious or repeated manner, the provisions of judgments of the civil courts with the authority of res judicata.
b) Criminal offences
The following are considered criminal offences:
1. To access to the personal data of a holder without having obtained this authorization, being punished by a fine of ten (10) to fifty (50) minimum wages in force, without prejudice to reparations proceeding owed in accordance with general civil liability.
2. When any individual use or provide a credit report from a SIC with the purpose of the commission of a crime, shall be liable to a penalty equal to correctional imprisonment from six (06) months to two (02) years.
3. When a user of a SIC uses a credit report for the commission of a crime, this is considered an aggravating circumstance of the alleged crime.
4. The user of a SIC who gives the credit report a use different from the one it was authorized, shall be punished with a fine between (10) to one hundred (100) minimum wages in force, without prejudice to general civil liability.
5. Any individual who fraudulently accessed a SIC’s database to obtain and use any type of report, shall be punished with a f ine from twenty (20 ) to one hundred (100) minimum wages in force, without prejudice to general civil liability. In the case that the obtainment of said was to aid the commission of a crime, both the individual who fraudulently obtained it and the one who uses it, shall be punished with correctional imprisonment from six months to two years.
6. Any person who violates the provisions of this Law shall be punished with correctional imprisonment of six months to two years and a fine of one hundred (100) one hundred and fifty (150) minimum wages in force. The same penalty will be imposed to anyone whom, in violation of framework set out in this Law, discloses, publishes, reproduces, transmits or records the partial or complete contents of a SIC report concerning a data subject in whatever form and in any medium of mass communication, whether print, television, radio or mail.