Data protection & privacy laws in Honduras (2026)

Article 182 of the 1982 Constitution (revised 2013) guarantees all persons the right to access, rectify, update, and suppress personal data held in public or private databases, and to prevent its unauthorized disclosure or transmission.

Decree 170-2006 obliges public institutions to protect personal data, prohibits disclosure of data that could cause discrimination or moral/economic harm, defines confidential information categories, and extends the constitutional habeas data right in the public-sector context.

The Instituto de Acceso a la Información Pública (IAIP) is an independent public body that supervises compliance by public-sector obligated institutions and operates the Portal Único de Transparencia. No dedicated data protection authority with private-sector jurisdiction exists.

A draft Personal Data Protection and Habeas Data Law, prepared by the IAIP and submitted to Congress around 2015, advanced through initial parliamentary chapters but has been suspended since April 2018 without final approval, leaving no comprehensive private-sector data protection regime enacted.

The Transparency Law defines sensitive personal data (ethnicity, health status, personal beliefs) and requires explicit consent for its processing, with limited exceptions. These obligations apply primarily to public-sector and LTAIP-obligated entities, not broadly to private controllers.

Private-sector data processing is not governed by any dedicated data protection statute. There are no statutory requirements for breach notification, data protection officers, or cross-border transfer rules for private entities; individuals must rely on constitutional habeas data court remedies.