COVID-19 has affected life as we know it, and criminal law is not exempt from these changes. During the last few months, we have been forced into long-term lockdown, and have had to learn to live with social distancing. While this process takes place, criminality has also been transforming and adapting to our new reality. Hence, this newsflash intends to highlight the crimes that have become increasingly relevant during the pandemic, and some crimes that have become prevalent as an indirect consequence of the lockdown.
Even though the judicial system has been mostly at a stand-still these past few months, criminal justice has continued to operate at a regular pace. This, because criminal prosecution cannot be suspended, and any subject related to an individual’s freedom must continue as well. Until the date of this publication there have been over 150 reported criminal investigations related with crimes with direct relation with the pandemic, such as the violation of sanitary measures. Therefore, it is relevant to analyze these crimes, and how to prevent their occurrence.
Crimes directly related with the pandemic are the violation of sanitary measure (Section 368, Colombian Criminal Code) and propagation of an epidemic (Section 369, Colombian Criminal Code). The first one has been used against any person who has violated any sanitary or biosecurity measure issued by the Government. i.e. international travelers violating mandatory quarantine or people organizing clandestine parties in rural or urban areas. Nevertheless, this crime can also be used against officers and executives of a company that does not comply with the biosecurity measures imposed by the Government or the respective Mayors. Now, even though companies cannot be held criminally liable in Colombia, they can be called as liable third parties for any damage caused by their officers or executives within the incidental hearing of redress. Therefore, companies must have written protocols regarding to the application of biosecurity measures and they should also have a compliance system in place that ensures the implementation of these protocols.
Regarding the propagation of an epidemic, this crime has been used against individuals that are infected and despite knowing their condition, decide to violate the preventive measures imposed by the Government, infecting third parties. i.e. the case of a doctor that was infected during international travel, and once back the offender omitted to inform his situation in his workplace, infecting several coworkers. Moreover, there is debate regarding cases in which someone with COVID related symptoms but who has not taken the diagnostic tests, infects third parties. This, to the extent that, although they were not certain if they were positive for the virus, they were aware that they could possibly be infected. Therefore, companies must have daily records of their employees’ health condition so that preventive measures can be taken regarding any high-risk cases. This kind of measures are good corporate practices that may prevent organizations of being subject of administrative penalties. Also, these practices can help prevent companies being subject of civil liability within a criminal procedure in the incidental hearing of redress.
On the other hand, lockdown has forced companies to rush into digitalization. As so, apps like Zoom, Skype or Teams has become necessary for a company to maintain its productivity. Therefore, companies are optimizing their digital tools so that employees can work from home. Nevertheless, all these changes bring along new risks associated to the vulnerability of computer systems. Also, these risks have an exponential growth because of the generalized lack of knowledge in safe practices for a digital environment. Hence, as digitalization might be good for companies, it is important to learn how to use all these new tools in an adequate manner. Regarding criminal law, this means a boom in the commission of cybercrimes for which the companies must be prepared.
These crimes can be found in the Colombian Criminal Code between Sections 269A to 269G and, are focused on penalizing unlawful non consented acts against the owners of the data or information or acts that are outside the given consent. These criminal conducts are usually aimed at gathering private or semiprivate information of the users, regardless of the nature of the information (personal, public or commercial).
When a cybercrime is committed it affects the reliability, integrity and disposition of the data and information within a computer system. Some of the most highlighted cybercrimes are the following: abusive access to a computer system, used when a third party gains access without consent, or outside the consent given for any digital system (personal, or institutional e-mails, databases, among others); unlawful blocking of a computer or telecommunication system, used when a third party blocks any system so that the users cannot access to it to do their duties. i.e. DDoS attacks done by Anonymous; unlawful access to personal information which consists in gathering of personal or semiprivate data of individuals and/or companies without complying with the requisites imposed by the habeas data law, what usually occur by the intrusion of third parties into databases.
It must be taken into account that even though many of these crimes can be committed by anonymous third parties, it is also possible that in many cases those digital attacks come from known third parties that have knowledge of the digital practices of their victims, and so they try to take advantage of them. This, to obtain valuable information or to ask for money or assets in exchange for stolen data. In this sense, it is important for individuals and companies to have digital security protocols, and for companies to invest into developing good digital habits among their employees. Likewise, it is a good corporate practice to file criminal complaints against these type of acts when they occur, to demonstrate that the organization has a zero tolerance policy against the commission of crimes, and it also works as a dissuasive measure to prevent future possible attacks by third parties that are related to the company.
For more information, please click on the following links to access recent conferences we have given on the topic: