Ecuador: DINARDAP and MINTEL announce draft data protection law introduction to Assembly following data breach
The National Directorate of the Public Data Registry ('DINARDAP') and the Ministry of Telecommunications and Information Society ('MINTEL') announced, on 16 September 2019, that the Government of Ecuador intends to submit the draft data protection law to the National Assembly ('the Assembly') within the next 72 hours, following a data breach at Novastratech SA, a company based in Ecuador, in which the sensitive information of citizens of Ecuador was exposed. In particular, DINARDAP reiterated that the draft data protection law should be prioritised in the Assembly as the incident was a clear example of the need to realise the right to privacy as recognised by the Constitution of Ecuador.
MINTEL noted that Novastratech had failed to protect information it unlawfully held on Ecuadorians, which was hosted in an external server outside the country. Furthermore, MINTEL highlighted that legal actions had been taken for the potential violation of privacy and dissemination of personal information without authorisation, as established in Article 178 of Comprehensive Criminal Code of Ecuador.