Tag Archive TI

LGPD: What does the new Brazilian data protection law say?

People must have control over their personal data and must understand the legal framework of digital businesses. This is because, unfortunately, users’ personal data are often illegally captured, which can compromise their privacy. This scenario led to the creation of the General Data Protection Regulation (GDPR) for the European Union, which came into force in May 2018, and now Brazil is preparing to adjust to a new law very similar to the one that already exists in Europe. After more than eight years of debate in civil society, Law 13.709/2018, the Brazilian Data Protection Law (LGPD), arrives. The legislation was enacted on August 14, 2018 and is expected to come into effect definitively this year. In today’s article, we will look at the main points of this legislation.

Concepts of the new law

The holder of the data is the person that the law aims to protect and is the carrier of “personal data that are subject to treatment”, so that legal entities of a collective nature are excluded from the scope of the new law: this law is exclusively to protect people.

The concept of data processing is very important in this legislation and is defined as “any operation carried out with personal data, such as collecting, producing, receiving, classifying, using, accessing, reproducing, transmitting, archiving, storage, disposal, evaluation or control of information, modification, communication, transfer, diffusion or extraction”. This context is very broad and applies to all data processing operations carried out by an individual or collective person, both in the public sector and in the private sector. In order for the law to apply, this data processing must be carried out in Brazilian territory. In the case of foreign citizens, personal data are subject to the new law when they are collected in Brazil and when their treatment is intended to provide goods or services in Brazil.

What will change in practice?

Obligation to delete data when required by the user

Citizens will be able to require companies to delete their personal data. The new regulation allows the personal data of each citizen to be destroyed at their request.

Data portability

Citizens may require companies to send their personal data in a format that allows them to be sent to another company, facilitating their migration and making it simpler to change service provision. Whenever a citizen changes banks or a television service provider, he or she will not have to provide his/her personal data again, as they can be easily migrated from one company to another.

Need for express user authorization

Citizens will have full information about how companies treat their data, how they store it, how long they store it and with whom they share their information. The new law applies to all activities involving the use of personal data, including treatment over the internet.

Obligation to notify in case of violation of personal data

Businesses and organizations have a duty to notify the competent authority in situations which put individuals at risk and to communicate to the citizen concerned all high-risk violations as quickly as possible so that appropriate action can be taken. In case of data leaks, the company must inform the competent authority within a “reasonable period”. That authority is the National Data Protection Authority, an indirect public administration body linked to the Ministry of Justice, which will be responsible for monitoring, implementing and enforcing the law.

What happens in case of default?

In case of data leakage or any other violation of the law, fines may reach 2% of the billing, with a limit of R$50 million, and may also imply the suspension of the company’s activities.

3 Information Security Lessons We Learned From Black Mirror

You certainly know Black Mirror, a series in which each episode tells us about the use we make of machines and the power we give them. Chatbots, virtual reality and drones are some of the topics covered in this series that make us think about our ethical values and their relationship with technology. Behind each episode, there are several messages to keep in mind, many of which are related to information security. For today’s article, we’ve selected 3 security lessons we learned from Black Mirror!


Simple tips to ensure the privacy of your data

We have never been as concerned about privacy as we are today. Our privacy can be invaded at virtually any time, from data theft on Facebook to theft of bank data. There are more and more computer attacks, but protecting our data is also our responsibility. It is crucial to have good habits to keep our data safe. We have selected a few simple tips to protect the privacy of your data and present them in this article!


Security Trends for 2020

2019 is rapidly moving towards its end and it is time for us to anticipate trends. Information security has been one of the main concerns of companies, due to the high number of threats that companies face and also due to the recent legislation in Europe and Brazil. In 2020, security will continue to be a priority for companies wishing to ensure that their data remains confidential. In today’s article, we present the top security trends for 2020!


5 Fatal Mistakes for the Security of Any Business

Information security in companies is an increasingly debated topic. Companies need to protect themselves to ensure their data is not lost in the event of a computer attack or natural disaster. Although there is growing concern about this topic, many companies still make mistakes that can totally compromise business continuity. In today’s article we present the 5 fatal errors for the security of any business!


The importance of data storage for business security

Good management should be based on relevant business, process, market and stakeholder information. In order to have reliable data management, it is becoming increasingly important to use an efficient data storage system in organizations. Proper storage of data is essential for keeping it safe and confidential. The company needs to have a strategy so that the use of technological tools gives the business intelligence. In today’s article, we will see how important data storage is for business security.


How important is information security in a digital environment?

In today’s era of technology, data is the most valuable asset of any organization and must be protected; otherwise the whole business is put in jeopardy. The new general data protection regulation has made the importance of information protection even more evident. However, there are still many companies that do not pay enough attention to data security and run a great risk every day of seeing their information stolen and exposed. In today’s article, we will address the importance of information security in a digital environment.

What are the pillars of information security?

The 6 pillars of information security are:

  • Integrity: preserves the original data in any environment;
  • Confidentiality: ensures confidentiality of information, preventing unauthorized persons from being able to access private data;
  • Availability: allows access to information only to authorized persons;
  • Authenticity: ensures that the data is reliable, always informing the user about the data sources;
  • Irretractability (non-repudiation): guarantees that the author cannot deny the authorship of the data;
  • Compliance: ensures that everything will be done in accordance with current laws and procedures.

Eliminate security risks

  • On many occasions, employees and IT service providers need to access confidential company data in order to be able to work. This is a big risk for companies because their security could be compromised when several people have access to the information. Thus, it is essential that companies sign confidentiality agreements with these entities in order to protect the data. In addition to increasing employees’ commitment to information security, this also ensures legal protection for the company if the data is made public.
  • Software that allows data masking, such as Datapeers, is essential in today’s development world. What this solution does is create a “masked” copy of the production database and make it available for development and testing. These solutions shuffle the contents of the tables while maintaining their integrity and relationships. The phone number, for example, is copied into the development environment with valid but not real numbers.
  • If employees are not trained to take security seriously, they will not worry about it on a day-to-day basis. Companies should raise their staff’s awareness of the growing need to protect data, as it is a matter that concerns everyone. It is advisable to create a code of ethics and to sign a confidentiality agreement. In addition, not all employees should have access to all information. Each employee must have access only to the information strictly necessary to carry out their work. This way, in case of attack or loss of data, it is much easier to discover its origin.
  • Pen drives, CDs and external disks can be the entry point for dangerous software into the corporate network, putting information security at risk. Using these devices outside the workplace can put private data at the mercy of anyone. Since it is not possible to completely eliminate the use of these devices, it is important to restrict their use on some machines, in order to prevent viruses from propagating through the organization.

Best practices to keep your business data safe

Today, digital security requires the attention of all employees in a company. Unfortunately, the digital revolution has greatly increased exposure to attack risks, and so no company is safe from a cyber-attack that causes the loss of data essential to the proper operation of the business. And anyone who thinks this should be a concern only for large companies is wrong: all companies are at risk if they don’t protect their information. In today’s article, we’ve selected the best practices to keep your business data safe!


Is your business protected against a computer attack?

Computer attacks are the order of the day. Business data is increasingly important in day-to-day operations, and IT managers are constantly looking for ways to make information more secure. Unfortunately, however careful we may be, we can never guarantee 100 percent that companies are free from suffering a computer attack. For this reason, it is essential that companies use the most appropriate tools to avoid and minimize as much as possible the occurrence of computer attacks. In this article, we’ll give you a checklist of steps you must take to see if your business is effectively protected from a computer attack!


Safety precautions that all companies must have

Data security is an ever-increasing concern in business life, as data is the most important asset of a business. Today, businesses are working every day to increase the protection of their business and take increasingly effective measures to counter the threats that may arise in the digital world. A security flaw and the consequent exposure of sensitive data can seriously compromise a company’s survival, so companies should not (and especially cannot) overlook data protection. In today’s article we leave you some safety precautions that every business should have!
