Financial Crime World

Puerto Rico Takes Bold Step in Cybersecurity with New Regulatory Framework

San Juan, Puerto Rico - January 21st, Governor Pedro Pierluisi signed the “Cybersecurity Act for the Commonwealth of Puerto Rico” into law, marking a significant step forward in bolstering the island’s cybersecurity defenses.

New Regulatory Framework

The Cybersecurity Act creates a comprehensive set of standards and guidelines for protecting digitally stored government data. The new framework also imposes penalties for non-compliance, aiming to improve the government’s ability to detect, prevent, and respond to cyber threats.

Key Provisions

  • Creates a Chief Information Security Officer position and establishes a Cyber Incident Assessment Office
  • Sets minimum standards for cybersecurity, including:
    • Zero trust architecture
    • Encryption
    • Secure remote connections
  • Prohibits making ransom payments in response to ransomware attacks, except in cases where critical infrastructure is at risk
  • Imposes penalties for non-compliance, including fines ranging from $50 to $100 per day for government agencies and up to five times the contracted amount for private contractors

Implementation and Compliance

The Puerto Rico Innovation and Technology Service (PRITS) will be responsible for implementing, developing, and coordinating the government’s public policy on cybersecurity. Government agencies will have six months to comply with the new standards, while private entities that do business or have contracts with the government will also be required to meet the minimum security standards set forth in the law.

Impact and Expert Analysis

The Cybersecurity Act is seen as a major step forward in protecting Puerto Rico’s sensitive information and critical infrastructure from cyber threats. Governor Pierluisi stated, “This legislation demonstrates our commitment to ensuring the safety and security of our citizens’ personal data… We are taking proactive measures to prevent and respond to cybersecurity threats, and we will continue to work towards building a more secure digital future for Puerto Rico.”

Cybersecurity expert Maria Rodriguez praised the new law, saying, “This legislation shows that Puerto Rico is taking cyber threats seriously and is committed to protecting its citizens’ data… It’s a major step forward in building a more secure digital future for the island.”

The new cybersecurity framework is expected to attract more businesses and investment to Puerto Rico, making it a model for other jurisdictions.