Data leakage is a much-discussed issue these days, and with the General Data Protection Law (LGPD) in force, it is crucial to know how it is regulated and the rights involved.
Below are seven main questions about data leakage and its regulation in Brazil.
WHEN DO DATA LEAKS OCCUR?
A data leak can be defined as an incident in which personal data and/or information considered private and confidential is publicly exposed to third parties without authorization.
The exposed information can then be accessed, mainly to carry out financial scams, in addition to harming the business and the company's image.
WHAT KINDS OF DATA ARE USUALLY EXPLOITED?
According to a report by IBM, about 80% of company data breaches are related to the loss or theft of customers’ data.
There are also data leaks involving intellectual property, anonymized user data, and employees' data.
WHO IS LEGALLY RESPONSIBLE FOR DATA LEAKAGE WITHIN A COMPANY?
According to the LGPD, those responsible for a security breach within the company, such as the leakage of personal data, are the processing agents: the controller and the operator.
According to the law, the controller is the company or person who coordinates and defines how the personal data will be processed, from collection to elimination.
The operator, on the other hand, is the person or company that processes personal data on behalf of the controller, following the controller's orders.
The law provides that these agents are responsible for adopting appropriate security measures to protect their customers' personal data.
WHAT ARE THE SANCTIONS PROVIDED IN THE LGPD?
Among them, we can mention:
- Notice with a deadline to correct the infractions committed
- Simple fine of up to 2% of the company's revenue in the previous year
- Daily fine of up to 2% of the company's revenue in the previous year
- Publicizing of the offense committed
- Blocking of personal data related to the infringement
- Deletion of personal data related to the infringement
- Partial suspension of the operation of the database to which the infringement refers
- Suspension of the activity of processing the personal data to which the infringement refers
- Partial or total ban on activities related to data processing
These sanctions can only be applied within an administrative process in which the company's right to an adversarial proceeding and a full defense is guaranteed.
WHAT ARE THE CONSEQUENCES FOR COMPANIES?
A data leak can have several consequences, such as:
- Administrative sanctions and fines
- Breach of trust in the relationship with the consumer and data subjects in general
- Reputation and image damage for the company
- Individual and/or collective lawsuits by data subjects and consumer protection entities
It is therefore best to act preventively, adopting measures that keep data from being left vulnerable.
CAN A CONSUMER SUE A COMPANY?
If the consumer suffers any damage related to the leakage of their data, they can file a lawsuit to repair the damage sustained, whether moral or material.
Given this scenario, it is increasingly necessary for companies to seek adequate protection, as they may have to bear the costs of lawsuits and of any judgments against them.
HOW TO AVOID LEAKAGE OF CUSTOMER DATA?
Undoubtedly, the best way to avoid leaking customer data is to invest in information security and improve these systems within companies.
In addition to preventing access to data by unauthorized persons, this also helps the company comply with the provisions of the LGPD.
Some measures that companies can adopt to ensure security are:
- Invest in threat prevention tools such as antivirus and firewalls
- Establish internal policies and access control and authentication tools
- Always keep systems and software up to date
- Perform vulnerability and security analysis of systems
- Promote awareness campaigns and training for employees and managers
- Create internal and external information security policies
So, these are the main questions about data leakage.