Our Policies
News

Newsletter

4 de October de 2023

Central Bank publishes Resolution on information security incidents involving personal data in the PIX system

Last week, the Brazilian Central Bank (BACEN) published the Resolution 347 of September 26, 2023, which established the need of financial institutions to report security incidents involving personal data to data subjects. This Resolution establishes obligations and penalties for regulated institutions participating in the PIX arrangement regarding non-compliance with security requirements and the occurrence of incidents involving personal data.

The duty to notify account holders (natural persons) arises from the occurrence of any incident involving their personal data in databases related to the PIX infrastructure. Therefore, reporting is mandatory in cases where PIX’s database is involved, even if the financial or payment institution that is the participant providing the account is not responsible for the incident.

It is worth mentioning that the provisions of Bacen Resolution 347/2023 on security incidents are stricter than the provisions of the General Data Protection Law (Law No. 13,709/2018 – “LGPD”) regarding the same matter. This is because the Resolution establishes the obligation to communicate the incident to the data subject even if the incident does not entail a relevant risk or damage to the data subject, while under the LGPD, communication of the security incident is only mandatory if there is a risk or damage to the data subject.

The Resolution 347/2023 also establishes penalties for PIX institutions that do not meet the technical security requirements established. The penalties vary, among other factors, according to the consequences of the incident, the measures adopted by the participating institution to contain and minimize the effects of the incident, the type of institution affected, and the number of PIX keys potentially compromised by the incident.

The Resolution is already in force and its text can be accessed here.

If you wish to obtain more information on this matter, we are available at digital@kasznarleonardos.com.

Back

Last related news

6 de May de 2025

Legal Protection for Developers: Compensation for Irregular Licenses

Our firm recently secured another important court victory on behalf of a software developer client in a lawsuit against a company that Legal Protection for Developers: Compensation for Irregular Licenses

  • Kasznar Leonardos
    • Ler notícia

    24 de April de 2025

    Third Parties and Software Piracy: Companies Remain Legally Responsible

    During software compliance audits, it is not uncommon for companies to claim that pirated programs were installed by external contractors or IT Third Parties and Software Piracy: Companies Remain Legally Responsible

  • Kasznar Leonardos
    • Ler notícia

    16 de April de 2025

    Medicinal Cannabis Review: Public Consultation 1.316/2025 open

    The Public Consultation (CP) No. 1.316/2025, which aims to initiate the review process of Collegiate Board Resolution (RDC) No. 327/2019 from the Medicinal Cannabis Review: Public Consultation 1.316/2025 open

    Ler notícia

    Check out our Social Responsability and Sustainability projects

    Meet our complete team

    13959
    plugins premium WordPress