Although Panama needs to strengthen its regulation on cybersecurity and cybercrime, there are some important initiatives that have begun in the past decade:

• In 2011, the Computer Security Incident Response Team was created through Executive Decree 709/2011, which is responsible for cyber incidents in the public and private sector affecting critical infrastructure.
• Afterwards, the National Strategy for Cybernetic Security and Critical Infrastructure Protection was released by the National Council for Government Innovation through Resolution 21/2013.
• In 2013, Panama joined the international campaign 'Stop. Think. Connect.' with the aim of community awareness to cyber risks and to promote online good practices.
• Later, Resolution 17/2021 the National Strategy for Cybersecurity for 2021-2024 was issued, by which prominence was given to: (i) preventing criminal behaviour in cyberspace; (ii) stopping the use of cyberspace for any illegal acts; (iii) innovation, training, and adoption of standards to develop a culture of cybersecurity; and (iv) preserving privacy of personal information, among others.
• Via Law No. 79 of 2013, Panama adopted the Budapest Convention on Cybercrime.
• The Panamanian Criminal Code (Articles 289 to 292) addresses the matter of cybercrime by incorporating some specific crimes with imprisonment sanctions for misuse of electronic media, including improperly access, use, copy, interferences, obstruction, modification of a database, network, or computer system, comprising also data in transit.
• By issuing Law No. 81 on Personal Data Protection ('the Law'), privacy of personal data was also protected by the Government of Panama, starting last year 2021 when the law entered into effect and was also regulated through Executive Decree 285/2021.

There is no doubt that with the entry into force of the Law, a new era for this topic was started in Panama. As a consequence of this, it is prohibited to trade with databases that contain private information, which up to then was a very widespread practice carried out mainly by loan institutions to access special categories of people such as retired individuals or pensioners.

There is a long way to go as enforcement of data privacy cybercrime and sanctions are yet to be seen. Moreover, cybercriminals have taken advantage of an opportunity due to the COVID-19 pandemic, whereby enterprises, people, and government institutions were forced to go remote, dealing with a new age of online practices, requirements, and exchange of information. Just by requesting an online groceries service delivered to your door, a huge range of personal information is put on view in cyberspace. In the midst of a pandemic that forces the sharing of large volumes of data, users are almost constantly connected to the internet. Therefore, the great challenge of cybersecurity in Panama is to understand the importance of keeping devices safe and knowing the risks of hackers.

When it comes to crimes against the confidentiality, integrity, and availability of data and computer systems, these include: (i) identity theft; (ii) phishing, which deals with sending a link to an email account that leads to a fake page in which customers deliver their password under this deception; (iii) pharming, by which a web page is cloned and redirected to users who believe they access the correct internet address, capturing their passwords; (iv) the use of malware, which can be very sophisticated and has widely spread, by which the imperceptible introduction into the operating systems of the computers, of a virus, namely, a Trojan horse, a worm, a spyware, keylogger, or other malicious program, as a result of an email, the visit to an infected web page or the download of content, that once executed extracts the information from the infiltrated device; and (v) forgeries and computer frauds, which include the electronic falsification of documents, false sales on the internet, the use of stolen credit card data, emails in which a prize or inheritance is reported, and the realisation of electronic transactions by identity spoofers, among many others.

In a nutshell, cyber attacks, identity theft, malware, data breaches, and ransomware raids have become an everyday plague. We have seen both multinationals and local companies, from banks to insurance companies, who have had their databases impacted by cybercriminals. Time has come to pay close attention to cybersecurity in order to safeguard not only our personal information but also our finances and the integrity of our organisations.

Panama is well known for the cross transit of sophisticated fiber optic communications that were launched in the nineties, connecting the south and the north through the SAC/PAC submarine cables; as well as for its financial centre with over 80 international and local banks, together with an ambitious governmental initiative to attract more transnationals with an amicable legal frame work for multinational headquarters and manufacturing conglomerates. Law No. 159 of 2020 creates a special regime and was released for the formation of logistics centres for light manufacturing and repackaging in Panama, to promote the installation of headquarters of soft manufacturing enterprises to settle their hubs in Panama. The same applies to the opening of distribution centres in the second biggest free zone of the area, Colon Free Zone, in the Atlantic side of the country. But will all this be effective if Panama does not pay attention to its cybersecurity regime?

Frankly, the Government must focus on protecting its infrastructure, digital networks and, above all, educating its citizens. Undoubtedly, there are expert hackers out there who are capable of finding the tiniest vulnerabilities of any unsafe site.

According to the Inter-American Development Bank, the strategy implanted by governments altogether to address cybercrime is essential for effective, efficient, and sustainable cybersecurity. This must carefully balance the need for security to enable economic growth and sustainability while respecting the right of freedom of expression and the right to privacy. An in depth view can be seen in the 2020 Cybersecurity Report-Risks, Improvements and the Way Forward in Latin America and the Caribbean, providing a complete overview and appraisal on the status of cybersecurity, including risks, challenges, and opportunities in the region.

Panama has already identified that critical infrastructure requires special protection, and that to accomplish such protection a Manual for Good Practices should be commonly adopted, including contingency measures to assure continuity of cyber services even after a cyber attack. All of these measures should be done without affecting the fundamental right of data privacy and the confidentiality of private life of all citizens and residents of the Republic of Panama.

Siaska SSS Lorenzo Managing Partner
[email protected]
Arias Law, Panama City