News

By Felipe de Araújo Monteiro

Central Bank publishes Resolution on information security incidents involving personal data in the PIX system

Last week, the Brazilian Central Bank (BACEN) published the Resolution 347 of September 26, 2023, which established the need of financial institutions to report security incidents involving personal data to data subjects. This Resolution establishes obligations and penalties for regulated institutions participating in the PIX arrangement regarding non-compliance with security requirements and the occurrence of incidents involving personal data.

The duty to notify account holders (natural persons) arises from the occurrence of any incident involving their personal data in databases related to the PIX infrastructure. Therefore, reporting is mandatory in cases where PIX’s database is involved, even if the financial or payment institution that is the participant providing the account is not responsible for the incident.

It is worth mentioning that the provisions of Bacen Resolution 347/2023 on security incidents are stricter than the provisions of the General Data Protection Law (Law No. 13,709/2018 – “LGPD”) regarding the same matter. This is because the Resolution establishes the obligation to communicate the incident to the data subject even if the incident does not entail a relevant risk or damage to the data subject, while under the LGPD, communication of the security incident is only mandatory if there is a risk or damage to the data subject.

The Resolution 347/2023 also establishes penalties for PIX institutions that do not meet the technical security requirements established. The penalties vary, among other factors, according to the consequences of the incident, the measures adopted by the participating institution to contain and minimize the effects of the incident, the type of institution affected, and the number of PIX keys potentially compromised by the incident.

The Resolution is already in force and its text can be accessed here.

If you wish to obtain more information on this matter, we are available at digital@kasznarleonardos.com.

Back

Last by Felipe de Araújo Monteiro

April 22, 2024

New Rules for Payment Transactions by Fixed-Odds Betting Operators in Brazil

In a further step towards regulating the new Betting Law (Law No. 14,790/2023), Normative Ordinance SPA/MF No. 615, of April 16, 2024, New Rules for Payment Transactions by Fixed-Odds Betting Operators in Brazil

Ler notícia

April 17, 2024

Anvisa opens its doors to Startups: Stepping towards Innovation in Medicines

Anvisa recently launched a public notice with the aim of selecting Startups involved in the research and development of medicines, in order Anvisa opens its doors to Startups: Stepping towards Innovation in Medicines

Ler notícia

April 11, 2024

Ministry of Finance Defines Regulatory Agenda for the Betting Market

In another step towards the realization and consolidation of the regulations provided for by the New Betting Law (Law 14.790/2023), the Ministry Ministry of Finance Defines Regulatory Agenda for the Betting Market

Ler notícia
plugins premium WordPress