New Law on Computer Crimes and the criminal liability of legal entities

Eight new crimes added to the catalog of Law 20.393.

On June 20, 2022, Law No. 21,459 was published, which establishes rules on computer crimes, repealing Law No. 19,223 that regulated the matter since 1993.

Likewise, the Law modifies other legal bodies in order to adapt them to the Budapest Convention to which Chile is a party and incorporates new crimes that aim to protect different legal assets such as privacy, intellectual property, national security and confidentiality of computer systems. The incorporation of these offenses complements the catalog of Article 1 of Law No. 20,393, which establishes the criminal liability of legal persons.

THE FOLLOWING OFFENSES ARE INCORPORATED INTO OUR LEGISLATION:

1. Hacking the integrity of a computer system: consists of hindering or preventing the normal operation (in whole or in part) of a computer system. It is committed through the introduction, transmission, damage, deterioration, alteration or deletion of computer data. For example, ransomware, i.e. malware that prevents users from accessing their systems or files, demanding the payment of a ransom to regain access.

2. Illicit access: access to a computer system by overcoming technical barriers or technological security measures, without authorization or exceeding the authorization possessed is typified. For example, the use of unauthorized access credentials obtained by overcoming technical security barriers.

3. Unlawful interception: consists of hindering, interrupting or interfering with the non-public transmission of information in a computer system or between two or more computer systems, in an improper manner; or capturing, by technical means, data contained in computer systems through the electromagnetic emissions that come from them. For example, sniffing, whereby data is intercepted by capturing network traffic using a packet sniffer to read unencrypted data.

4. Hacking the integrity of computer data: it consists of altering, damaging or deleting computer data, causing serious damage to the holder of the New Computer Crime Law and its implications for Compliance, in an improper manner. For example, adware, that is, malware designed to display advertisements on the screen, generating profits for the programmer, and may cause the device to execute unwanted tasks.

5. Computer forgery: this consists of introducing, altering, damaging or deleting computer data with the intention that it be taken as authentic or that it be used to generate authentic documents, in an improper manner. For example, spoofing, i.e. a malicious activity whereby a third party impersonates a different entity by falsifying data in a communication.

6. Receipt of computer data: it is criminalized to trade, transfer or store in any way, computer data resulting from illicit access, illicit interception or computer forgery, knowing or being aware of the illicit origin of such data. For example, storing a database obtained through illicit access to another computer system.

7. Computer fraud: consists in manipulating a computer system by introducing, altering, damaging or deleting computer data, or through any interference in the operation of the computer system, causing, on the one hand, a damage and, on the other hand, a benefit for oneself or for a third party. For example, phishing, that is, tricking a person into sharing confidential information through impersonation; or pharming, which consists of redirecting network traffic to a fraudulent website.

8. Abuse of devices: this consists of delivering or obtaining for use, importing, disseminating or otherwise making available one or more devices, computer programs, passwords, security or access codes, for the perpetration of the crimes of: attack on the integrity of computer systems, illicit access, illicit interception or attack on the integrity of computer data. For example, illegal copying of information.

THIS LAW IN PARTICULAR TO IMPLEMENT THE MODIFICATIONS TO THE CRIME PREVENTION MODELS HAS ESTABLISHED A VACANCY PERIOD OF SIX MONTHS DURING WHICH IT IS PEREMPTORY THE ANALYSIS THAT EACH COMPANY MUST PERFORM ON THEIR RISKS RELATED TO COMPUTER CRIMES EXPOSED.

IF YOU NEED HELP IN UPDATING YOUR RISK MATRIX, POLICIES OR CONTROL PROCEDURES, TRAINING OR SIMPLY WANT TO DEEPEN IN EACH OF THESE CRIMES, WE INVITE YOU TO HAVE A COFFEE! WRITE TO US...!!!!!

This email address is being protected from spambots. You need JavaScript enabled to view it.