Yes, sharing passwords in Colombia is legally permissible under specific conditions, but misuse can trigger civil or criminal liability under local and international frameworks.
Sharing passwords is not outright banned, but unauthorized access or misuse violates Law 1273 of 2009 (Cybercrime Law) and Law 1581 of 2012 (Data Protection Law). The Superintendence of Industry and Commerce (SIC) enforces data protection, while the National Police’s Cybercrime Unit investigates breaches. Recent 2026 compliance trends emphasize zero-trust security models, pushing organizations to restrict password sharing via internal policies.
Key Regulations for Sharing Passwords in Colombia
- Law 1273 of 2009 (Cybercrime Law): Criminalizes unauthorized access to computer systems (Art. 269F), with penalties up to 8 years imprisonment if sharing passwords enables data theft or fraud.
- Law 1581 of 2012 (Data Protection Law): Requires explicit consent for data sharing (Art. 7), meaning password sharing must align with privacy notices or risk fines up to 2,000 SMLMV (approx. $500,000 COP in 2026).
- Decree 2364 of 2012: Mandates technical safeguards for shared credentials, including multi-factor authentication (MFA) where feasible, to mitigate legal exposure under SIC guidelines.
Organizations sharing passwords must document legitimate business purposes and implement access logs to demonstrate compliance. Failure to do so may result in administrative sanctions or third-party liability under tort law.