[ad_1]
The Council for Transparency (CPLT) reported this Friday that, within the framework of an inspection carried out between April and July of this year, it received personal data from the Carabineros, such as the RUT of the applicants for different types of permits from the Virtual Police Station .
It was an audit of the CPLT that revealed, among other findings, the massive delivery of the identification number of the applicants of some type of permit or safe-conduct in Virtual Police Station, after limiting freedom of movement in times of health emergency due to Covid-19.
“This from the delivery of the database that contained this personal information of the users of the platform and that Carabineros sent to the CPLT within the framework of the audit process, ”the CPLT reported.
They detail that the response of the police entity to a request from the agency –under the simulated user methodology- allowed “access to the commune data, Final Status (Issued / Permit Not Issued), Date, ID, Company Name, Origin, Process ID (type of permit), Category, RUN Natural Persons, RUT Legal Persons ”.
Gloria de la Fuente, the president of the council, explained that this type of situation shows that “access to personal data not only occurs due to hacks, but many times due to actions or decisions that favor the exposure of personal information, which in this case involves sensitive data, such as information on habits such as how many times a week and at what times do I go to the doctor or buy food or medicine for my family ”.
“Digitization is an effort in which we are committed, but this must go hand in hand with a generation of awareness at the level of public bodies and with the installation of a data security ecosystem, that is, a specific regulatory framework. that determines the obligations and responsibilities that both the public and private sectors must assume, ”said De la Fuente.
Database without registration
In this same audit process, the CPLT reported on the late registration in the Civil Registry of the database generated with the information of millions of people, an obligation established in the current law on the protection of personal data.
The Council explained that, in the context of the analysis of the security situation of the databases associated with the Virtual Police Station, despite the fact that since the current law has flaws, “it does establish that State agencies must register these bases before the Civil Registry and Identification ”, stressed De la Fuente.
To audit compliance with the above, the Council’s team of supervisors made requests for access to information to this body and to the Carabineros, managing to establish that, as of June 30, the uniformed police had not made the aforementioned record. During the development of the inspection process, the entity reported on August 11 that the registration was in process.
Privacy policies
Another aspect audited in the framework of the process promoted by the Council, included the review of the privacy policies and terms and conditions of use and treatment of personal information. In the framework of the audit, it was evidenced, based on information provided by the uniformed institution, that Carabineros would not have had a privacy policy available as of July 9, 2020 to inform users of the way in which their personal information would be treated and protected, since it communicated that it was in “current development”. The link to these was enabled about a month later.
According to the analysis of the CPLT this privacy policy “presents general information related to the construction of the platform” and contains some “deficiencies”, as, for example, it would not contemplate antecedents on “possible data transfers, rights of the owners of the data and time of conservation of the information, despite the duty to inform that the State administration bodies have,” it reads in the agency’s report.
recommendations
The CPLT referred to agencies of the central state administration updated recommendations on the protection of personal data, as a way to face some situations that more strongly evidenced the pandemic and to collaborate while there is no data security ecosystem to adequately protect citizens.
[ad_2]
