Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Costa Rica: Bill imposing timeline for data breach notification introduced to Legislative Assembly
On January 22, 2024, Bill No. 24135 was introduced to the Legislative Assembly, amending Law No. 8968 of 2011 to introduce the obligation to report data breaches to the Costa Rican data protection authority (PRODHAB) and data subjects within 72 hours from when the controller had knowledge of the breach. The bill aims to align itself with current international standards in data protection, notably with the General Data Protection Regulation (GDPR).
The bill would require that controllers inform the means or place where more details can be obtained regarding the data breach, adding to the minimum information that the breach notification must contain.
Lack of compliance with the deadline to issue a data breach notification would be considered serious misconduct according to the bill, subject to a fine.
You can read the bill and track its progress via the Legislative Assembly website's search engine accessible here.