El Salvador: Data and IT protection

Author: | Published: 30 Oct 2017
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

Consortium Legal – El Salvador

Address

Edificio Avante Local 313
Urb. Madre Selva III
Calle Llama del Bosque Poniente
Antiguo Cuscatlán, La Libertad
El Salvador

Telephone

+503 2209-1600

Fax

+503 2511-4611 Visit Website

Updating the legal framework in Central America will help guarantee data confidentiality. But in order for companies to face growing vulnerabilities and risks, any internal policies or regulations that they establish must be complemented with appropriate technology. In El Salvador and the rest of the region, companies are rethinking their security strategies, including controls, policies, work regulations and internal processes. These new security measures are driven by the evolution of technology, IT security incidents and industry growth.

As far as security policies are concerned, seven out of 10 companies in Central America claim to have them in place, defining how employees should behave regarding the use of the company's IT resources, as well as how to manipulate information according to its confidentiality. With regard to the classification of information, analysts consider that this area requires further work, since only three out of 10 companies have an information classification policy. Not knowing what information is valuable to the company or who should access it causes complications for the teams in charge of protecting it.

In information security, the aim of the protection is to guard the data and avoid losses and unauthorised modification. Protection must first and foremost ensure the confidentiality, integrity and availability of data.

Organisations have to ensure that the security processes implemented in the entity are feasible. In other words, they must be sure that they technically work and serve their purpose, that they are embedded in business processes, and that people respect them. It is essential that they are supported, and approved by the management, because otherwise they lose their credibility. It also means that they must be designed in such a way that they do not paralyse or hinder operational processes because they must support the fulfilment of the organisation's mission, not prevent it.

Because the implementation of measures is not an isolated, single task but a continuous process, the management and maintenance of the measures must be integrated into the business operations, supported by rules and regulations that legalise their application, with sanctions in cases of non-compliance.

Consortium Legal continuously strengthens its practice areas, maintaining itself at the forefront of technological advances with complementary practice areas in data protection, new technologies, IT security, digital crime and corporate compliance.

María Alejandra Tulipano Illueca
Consortium Legal

 


 

 

close Register today to read IFLR's global coverage

Get unlimited access to IFLR.com for 7 days*, including the latest regulatory developments in the global financial sector, updated daily.

  • Deal Analysis
  • Expert Opinion
  • Best Practice

register

*all IFLR's global coverage published in the last 3 months.

Read IFLR's global coverage whenever and wherever you want for 7 days with IFLR mobile app for iPad and iPhone

"The format of the Review has changed over the years; the high quality of its substantive content has not."
Lee C Buchheit, Cleary Gottlieb

register