Processing of personal data shall be deemed irregular when it does not obey the legislation or when it does not provide the security that its data subject can expect, considering the relevant circumstances of the processing, among which are:
I – the way in which the processing was carried out;
II – the result and the risks that one can reasonably expect of it;
III – the techniques for processing personal data available at the time it was carried out.
Sole paragraph. The controller or the processor who neglect to adopt the security measures provided in Art. 46 of this Law shall be held liable for damages caused by the violation of the security.