The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru
approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a
Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a
Digital Agenda in 2021 for Digital Transformation.
The Canadian
National Cyber Security Strategy puts an emphasis on “secure and resilient Canadian systems”, specifically critical infrastructure such as electricity grids, communications networks, and financial institutions. The ambition to help other countries expand their capacity building activities has been a key aspect of Canada’s cyber engagement strategy and its concurrent aim of promoting an “open, secure, and multistakeholder-led Internet”. Under the auspices of the OEWG, Canada has
argued that “member States must make cyber security capacity development a priority at the highest level” and that “it is […] important to analyze and assess the capacity building needs collaboratively and agree on a collective approach”. Through the Anti-Crime Capacity Building Program (ACCBP), Canada has committed $27.7M to cyber capacity building, primarily in Latin America. ACCBP also assists countries in developing their own national cyber strategies and cybersecurity standards while also ensuring respect for human rights and privacy for all citizens. Meanwhile, Canada has been cooperating with several international and regional organizations on the development and implementation of Confidence-Building Measures (CBMs); for instance, there have been
several Canadian initiatives at the OSCE, including workshops on international law and cyber operations as well as scenario-based discussions on CBM 5 (information sharing about national responses to regional cyber incidents). Canada
believes that capacity-building should be multistakeholder and integrate the insights of the technical community as much as possible. The Canadian representative at the OEWG has also
highlighted the importance of gender balance and the participation of women in capacity-building efforts.
In recent years, Albania has significantly expanded its capacity-building activities, modernising both the relevant institutional apparatus and the diplomatic outreach accompanying it. Since 2017, ALCIRT, Albania’s national CSIRT, has been given an expanded mandate and merged with the National Authority for Electronic Certification and Cyber Security (AKCESK). AKCESK is responsible for preparing strategic documents relating to cybersecurity, drafting legislation, collaborating with relevant stakeholders (international organisations, civil society organisations, the private sector) and providing training. [
x] Through AKCESK, Albania has signed Memoranda of Understanding (MOU) with several regional national CERTs (Kosovo, North Macedonia, Romania) and is currently negotiating similar MoUs with Serbia, Montenegro, Cyprus, and Slovenia. [
x] AKCESK also frequently collaborates with the Council of Europe in relation to incident response and awareness training. [
x] As a member of NATO, Albania signed the MoU with the NATO Cyber Incident Response Centre (NCIRC) on enhancing cyber defence in 2013 [
x] and has participated in numerous NATO-led training initiatives, including the flagship Cyber Coalition exercise. Meanwhile, increased emphasis has been placed on the protection of critical infrastructure, with a 2015 government paper stating that future actions will be focused on “the protection and resilience capacity of critical infrastructure” and on “encouraging operators that own them to implement a full security architecture (including risk management and emergencies)”. [
x] In 2020, Albania adopted its first-ever cybersecurity regulation for the electricity sector, which establishes incident reporting and assessment criteria for electricity operators. [
x] This was reportedly only the first of many planned initiatives intended to reduce the country’s cyber vulnerabilities and increase trust in digital services.