The General Data Protection Law (LGPD) represents a historic milestone for Brazil, establishing a set of rules and guidelines for the processing of personal data by companies and public organizations. This legislation aims to ensure the protection of privacy and the rights of individuals, giving them greater control over their data and how it is used.
The LGPD applies to all types of personal data, from basic information such as name and address to more sensitive data such as health history. The law defines several principles that must be followed when processing data, such as the need for the data subject’s consent, transparency and control over their information.
Bank is held responsible for leaked data
Recently, a case came to light in which a bank was held responsible for a data leak. The Third Panel of the Superior Court of Justice (STJ) ruled that the bank was responsible for the leak of the customer’s confidential personal data, which resulted in the application of the “bank bill scam”.
In this case, the bank client was a victim of fraud after receiving a fake bill via WhatsApp sent by criminals pretending to be employees of the institution. The customer paid the bill, believing it to be related to a financing contract, but later discovered that it was a scam.
Initially, the São Paulo Court of Justice (TJSP) had found the client guilty of fraud for conducting negotiation informally and for not verifying the information on the invoice, but after receiving more information, the STJ reversed the TJSP’s decision and concluded that:
• The bank was responsible for the security of its customers’ data
• The disclosure of confidential personal data is considered a failure to provide services.
Data Sharing Policy
One of the most important aspects of the LGPD is the regulation of the dissemination of personal data. The law stipulates that data may only be disclosed with the consent of the data subject, except in some specific situations provided for by law, such as to comply with legal obligations or to protect the life and safety of third parties.
The LGPD also establishes measures to ensure the security of personal data, such as the adoption of technical and organizational measures to prevent unauthorized access, accidental destruction or loss of this information. Companies and public entities that fail to comply with the aforementioned standards are subject to warnings, fines and even suspension of activities.
Impacts and liabilities
The LGPD affects all sectors of Brazilian society, from large comporations to startups. Companies must adapt to the new legislation to ensure the protection of their costumers’, employees’ and partners personal data. This means implementing measures such as creating privacy policies, providing training for employees and adopting information security tools.
This law is a fundamental tool to ensure the protection of everyone’s privacy and rights in the digital world. Understanding the legislation and implementing measures for its use are essential for companies and public institutions, as well as a right and responsibility of all Brazilian citizens.
Tuvis solutions can proactively identify risks, protect against compliance violations and cover the General Data Protection Law (LGPD). Schedule a free demo now and protect yourself and your clients.
