As a result of the cybersecurity event experienced by IFX Networks on September 12, which caused a crash of the servers of this technology supplier and, consequently, affected the availability of several applications and web pages of multiple public and private entities, the Superintendency of Industry and commerce’s Deputy Superintendency for the Protection of Personal Data (“Deputy Superintendency”), in its role as Colombian Data Protection Authority, announced the deployment of a series of actions related to this event.
The Deputy Superintendency issued requests for information to IFX Networks and multiple public entities affected by the event, including the Superintendency of Industry and Commerce (“SIC”) itself. It is worth noting that, as stated by the Deputy Superintendency in its statement, they is autonomous and exercise oversight and control functions vis-à-vis the SIC as controller of personal data. Likewise, the Deputy Superintendency mentioned that, at the time of the press release, an administrative visit was underway at the facilities of IFX Networks.
These actions are aimed at determining whether the required parties infringed the obligations and duties imposed by the Colombian Data Protection Regulations. In case of finding sufficient evidence of such infringements, the Deputy Superintendency may investigate and eventually impose sanctions to the required entities, which include, among others, fines of up to 2,000 minimum wages and/or temporary suspension of data processing activities.
