No, sharing passwords in Costa Rica is illegal under the Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales (Ley 8968) and the Código Penal (Art. 217 bis), which criminalize unauthorized access to digital systems. The Autoridad de Protección de Datos de los Habitantes (PRODHAB) enforces these rules, with penalties including fines up to ₡50 million ($90,000 USD) and imprisonment for up to 3 years. Recent 2026 amendments tighten scrutiny on corporate compliance, particularly for financial and healthcare sectors.
Key Regulations for Sharing Passwords in Costa Rica
- Data Protection Law (Ley 8968): Prohibits sharing login credentials as it constitutes unauthorized data access, violating Art. 19 on security obligations for data controllers.
- Criminal Code (Art. 217 bis): Classifies password sharing as a cybercrime, punishable by imprisonment if it facilitates fraud, data theft, or system compromise.
- PRODHAB Circular 2026-03: Mandates organizations to implement multi-factor authentication and prohibit password sharing in internal policies, with mandatory audits for non-compliance.
Corporate entities must document password-sharing prohibitions in their Manuales de Cumplimiento to avoid liability under Ley 9024 (Corporate Compliance). Exceptions exist only for legally authorized third-party access, such as court-ordered digital forensics, requiring prior judicial approval.