One of the most relevant data protection infringement sanctions have been recently announced. It relates to the conviction of a chief security officer of one of the world’s largest private transportation corporations.
The facts that led to the conviction go back to 2016, when said officer concealed the cybersecurity incident from the Federal Trade Commission and, in addition, prevented those responsible from being discovered. It is noteworthy that, although the company accepted the facts and cooperated with justice, it was the general security director who was solely responsible for the crimes of obstruction of justice and deliberate concealment of a serious crime. This shows that personal data protection infringement may lead to sanctions beyond mere economic fines. In fact, Colombia foresees these same penalties for these types of cases.