Security requirements may not always be included in the data protection law, but are key to guaranteeing lawful processing of personal data. The entity processing the data must take all useful precautions with respect to the nature of the data and the risk presented by the processing, to preserve the security of the data and prevent alteration, corruption or access by unauthorized third parties.
Appropriate technical and organizational measures should be implemented to ensure a level of security appropriate to the risk. Argentina’s Protection of Personal Data Law sets some basic requirements relating to securing personal data. Under the Law, employers must adopt technical and organizational measures that are necessary to guarantee the security and confidentiality of personal data and, prevent the data’s adulteration, loss, consultation or unauthorized treatment. The measures should also enable the ability to detect if the data has been changed in any way, whether intentionally or erroneously.
The Security Measures – Treatment and conservation of personal data in computer media (Resolution 47/2018) sets more detailed requirements relating to protecting personal data, including:
HR Best Practices: Review current employee and job applicant data processing practices to confirm whether appropriate steps are being taken to protect the security and confidentiality of personal data. In addition, regularly train employees who may have access to personal information, to ensure that they are following all technical and organizational security measures that have been put in place.