Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Colombia: SIC fines Bauger COP 93M for unauthorized disclosure of data
The Colombia data protection authority (SIC) published its decision in resolution number 1016 of 2024, as issued on January 26, 2024, in which it imposed a fine of COP 93 million (approx. $22,641) on Bauger SAS for violations of Statutory Law 1581 of 2012 (October 17), which Issues General Provisions for the Protection of Personal Data (the Data Protection Law) following a complaint.
Background to the decision
After credit was approved for a client and Bauger received authorization to process personal data, there was an attempt to contact the client regarding repayment schedules. After Bauger could not contact the client by telephone, an attempt was made to reach the client via WhatsApp, resulting in the client's personal information being received by an unauthorized third party. Once it became aware of the miscommunication, Bauger stated that the number was blocked and no further contacts to the number were made after the third party was informed of the situation. The third party filed a complaint with the SIC stating that personal information was shared via WhatsApp, leading to unauthorized access to personal data.
Findings of the SIC
The SIC stated that to the extent that Bauger disclosed personal information with unauthorized third parties, including sensitive personal data, and failed to preserve the information under the security conditions necessary to prevent the adulteration, loss, consultation, unauthorized or fraudulent use or access in violations of Articles 17(d), 17(f), 17(g), and 17(h) of the Data Protection Law.
Outcomes
As a result, a sanction of COP 93 million (approx. $22,641) was imposed, to be paid within five business days following the execution of the resolution. In addition, Bauger was required to implement all technical, human, and administrative measures necessary to provide security to the personal information contained in its databases to avoid alteration, loss, unauthorized, or fraudulent use or access and refrain from disclosing and sharing the sensitive personal data of ownerships through WhatsApp.
You can read the resolution, only available in Spanish, here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
