First Argentine Private Databases Census

The purpose of Law No 25,326, as restated by regulatory Decree No 1558/2001 (“Habeas Data Law”) is to guarantee: (i) the complete protection of the data contained in files, records, databases or other technical means, either public, or private if destined to “supply information”; and (ii) the rights to good reputation, privacy, and access to information, in accordance with Article 43 of the Argentine Constitution. The provisions of the Habeas Data Law are also applicable to legal entities.

The Habeas Data Law provides for certain rules and restrictions to the use, transfer, accuracy, security, confidentiality and governmental control of information referred to individuals or legal entities (“Personal Data”).

The controlling authority of the Habeas Data Law is the Argentine Department for the Protection of Personal Data (“Controlling Authority”).

The Controlling Authority supervises compliance with the Habeas Data Law in the following stages of Personal Data processing: (i) collection and gathering; (ii) exchange and transmission; (iii) assignment; and (iv) internal and external mechanisms for the control of files, records or databases.

The responsible person or user of the database shall adopt the necessary technical and organizational measures to guarantee the protection and confidentiality of Personal Data. The registration of Personal Data in databases which do not comply with such requirements is forbidden.

The Habeas Data Law provides that any public file, record or database, as well as private databases whose purpose is to supply information, must be registered before a registry to be created by the Controlling Authority. In addition, the Habeas Data Law also provides that private parties which create files, records or databases which are not for their exclusive personal use must be registered.

According to the regulatory decree, a private file record or database shall be deemed destined to “supply information” if its use exceeds an exclusive personal use and/or if its purpose is the assignment or transfer of Personal Data, irrespective of whether such Personal Data processing is free of charge.

The Habeas Data Law sets forth the information that must be provided for registration. Such information includes: name and domicile of the person or entity responsible for the database; nature and purpose of the database; nature of the Personal Data to be stored; means by which Personal Data is collected and updated; purpose for the collection of such data and the name of the individuals or legal entities to which such data may be transferred; means by which the stored information can be inter-connected; means used to guarantee security of the Personal Data and specification of the type of persons with access to the information; period of preservation of the Personal Data; and terms and conditions under which the owners of stored Personal Data may access such data.

The Controlling Authority issued Resolution No 2/2003, published on November 27, 2003, which provides for the creation of the Argentine Registry of Databases and also states the guidelines for the solicitation form that should be used for the registration.

On February 26, 2004 the Controlling Authority issued Resolution No 1/2004, which provides for the effective implementation of the First Argentine Private Databases Census (“Census”). The Census is being conducted from March 1, 2004 through April 30, 2004, and is mandatory for all databases aimed at providing information (i.e., those whose use exceeds an exclusive personal use and/or whose purpose is the assignment or transfer of Personal Data). In order to comply with the Census, the legal entity or individual responsible for the database must enter the website of the Ministry of Justice, Security and Human Rights and fill out a form (www.jus.gov.ar).

Pursuant to the recitals of Resolution No 1/2004, the Controlling Authority believes that the implementation of the Census is a preliminary step necessary for the operation of the registry.

Since there are no records evidencing the existence of databases in Argentina, the only means that the Government has to access the databases containing Personal Data and their conditions by conducting the Census and implementing the related registry.

The companies participating in the Census should know that, upon their registration they are introducing themselves to the Controlling Authority, and therefore they will be subjected to its control and supervision thereafter.

Despite other sanctions and/or indemnification for damages derived from other applicable laws, the Controlling Authority may apply the following penalties in the event of violation of the Habeas Data Law: (i) observation; (ii) suspension; (iii) fines ranging from Argentine Pesos 1,000 to Argentine Pesos 100,000, or (iv) closures or cancellation of the file, record, or database.

In addition, the Argentine Criminal Code has been amended by the Habeas Data Law to punish with imprisonment those who: (i) knowingly supply false information in a Personal Data file; (ii) access illegally to databases; or (iii) disclose Personal Data protected by law.