Rodrigo, I know everything about you! Your address, your CPF, your credit card, email, phone number, license plates, places you frequent, who you voted for, your skin color, your preferences, your soccer club.
The excerpt above, slightly modified and adapted to this brief article, was taken from an advertisement by one of the largest banks in the country and is, indeed, quite striking. Today, we are exposed to everything. Our life is an open book, with crystal-clear pages for anyone who wants to read it. Access through a link sent to our email, a visit to a website, a registration at an online store to buy a book or, now, during the pandemic, since we must stay home, purchasing food through a delivery app. In all of these activities we are, in some way, leafing through the pages of our private lives and handing them over to a highly profitable market that needs to be regulated.
It is not uncommon to come across news reports in the press about massive data breaches and the improper use of our privacy. The sale of our information has been a systematic practice for a long time, but only now, with the Lei Geral de Proteção de Dados in force, have we begun to pay close attention to the subject. The figures involved in this business are unimaginable.
In the current year, 2021, we have already watched in astonishment the repercussions of two massive data breaches that left our CPFs exposed, along with a vast number of other data points, especially those capable of causing not only personal harm but also financial damage.
The scams carried out vary widely, ranging from unauthorized access to social media accounts to the taking out of loans or credit card fraud, something quite common in the financial market. The logic is that through tracing it becomes possible to identify the origin of the breach, at which point the liability requirements set out in the Law will be examined.
Respect for data security and privacy is one of the fundamental principles of the Lei Geral de Proteção de Dados, which provides, among other things, that data processing agents must adopt security measures, both technical and administrative, capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication, or any form of inadequate or unlawful processing.
While the Agência Nacional de Proteção de Dados is still in its early stages, we have frequently seen judicial bodies monitoring and fining data processing agents with the penalties set forth in the legislation. The penalties for non-compliance with the rules established in the Lei Geral de Proteção de Dados vary and range from a simple warning to percentage fines on the company's revenue, capped at R$ 50 million. In the near future, this will become a dynamic that occurs far more frequently.
Therefore, it is important that companies become aware and establish rules for monitoring and controlling the data collected in the course of their business activities, ensuring the integrity of any data processed to their employees, clients, and suppliers. Implementing the LGPD standards is a reality that must be addressed. We do not want to become another Rodrigo Mendes de Souza, with our privacy violated. In this way, fostering respect for the fundamental rights of freedom, privacy, and the free development of the natural person's personality will be essential.
Edson Berwanger, attorney and consultant. Partner at AdvisorTips
