Financial Crime World

Puerto Rico Takes Step Towards Enhanced Data Privacy in Financial Services

Puerto Rico’s Governor signed into law the Cybersecurity Act of the Commonwealth of Puerto Rico on January 18, 2024, aimed at bolstering data security and protecting consumer information.

Mandating Robust Cybersecurity Measures

The new legislation, known as Act No. 40-2024, requires government agencies, contractors, and businesses operating in the financial sector to implement robust cybersecurity measures to safeguard sensitive data. Entities must establish controls to:

  • Prevent unauthorized access to information
  • Ensure the confidentiality and integrity of data
  • Adopt policies governing the use of IT systems

Additionally, any organization doing business with the government or handling sensitive financial information must report cybersecurity incidents within 48 hours of detection.

Implementation and Oversight

The Puerto Rico Innovation and Technology Service (PRITS) has been entrusted with overseeing the implementation of cybersecurity standards across government agencies. The Office for Cyber Incident Assessment will establish protocols to ensure compliance with Act 40.

A new position, Chief Information Security Officer of the Government, has also been created to oversee cybersecurity efforts.

Compliance and Consequences

Government agencies must consult with PRITS prior to engaging in contracts or amendments with contractors. Non-compliant entities may face contract termination by PRITS. The government has until July 18, 2024, to comply with Act 40’s provisions.

Experts’ View: Enhanced Data Privacy for Financial Sector

Experts believe that the new law will significantly enhance data privacy in Puerto Rico’s financial sector, providing an added layer of protection for consumers’ sensitive information. As businesses adapt to these new requirements, it is likely that:

  • Cybersecurity breaches will decrease
  • Customers will have increased confidence in financial institutions
  • A safer and more secure environment will be created for financial transactions

Overall, the Cybersecurity Act of Puerto Rico aims to create a more secure and protected environment for financial services on the island.