This paper describes and discusses the relation between cybersecurity and corporate governance with a special interest on data protection in Latin America and the Caribbean. The motivation for the work resides in the growing role that data protection and privacy laws and regulations in developed countries reserve for corporate governance. These laws increasingly assign responsibilities to boards of directors and management with the expectation to incentivize firms to take data protection seriously in the face of cybersecurity and privacy risks. The paper presents these new rules and explores their current and potential use in the region, focusing on the rules and practices on data protection by Argentina, Brazil, Chile, Colombia, Mexico, Peru, and Uruguay. The paper was commissioned by the United Nations Economic Commission for Latin America and the Caribbean, ECLAC.