Yes, sharing passwords in Peru exists in a legally ambiguous zone, primarily constrained by cybersecurity and data protection statutes rather than explicit criminalization.
Sharing passwords is not outright illegal but violates multiple regulatory frameworks when unauthorized, exposing parties to civil liability under data protection laws and potential criminal charges for fraud or unauthorized access under the Código Penal (Art. 207-A). The Ley de Protección de Datos Personales (Law No. 29733) and its 2026 amendments impose strict consent and security obligations, making unauthorized password sharing a breach of confidentiality. The Organismo de Evaluación y Fiscalización Ambiental (OEFA) and Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual (INDECOPI) enforce these rules, particularly in corporate and public sector contexts.
Key Regulations for Sharing Passwords in Peru
- Ley No. 29733 (Data Protection Law): Unauthorized password sharing constitutes a violation of data confidentiality, triggering fines up to 1,000 UIT (approx. PEN 5.1M in 2026) for legal entities. Consent must be explicit and revocable, with technical safeguards mandated for data controllers.
- Código Penal (Art. 207-A): Sharing passwords to access restricted systems may qualify as acceso ilegítimo a sistemas informáticos, punishable by 3–5 years imprisonment if intent to commit fraud or data theft is proven.
- Decreto Legislativo No. 1352 (2017): Extends liability to employers whose employees misuse shared credentials, holding organizations vicariously responsible for data breaches resulting from negligent password practices.