By Felipe de Araújo Monteiro
October 4, 2023
Central Bank publishes Resolution on information security incidents involving personal data in the PIX system
Last week, the Brazilian Central Bank (BACEN) published Resolution 347 of September 26, 2023, which established the need for financial institutions to report security incidents involving personal data to data subjects. The Resolution establishes obligations and penalties for regulated institutions participating in the PIX arrangement regarding non-compliance with security requirements and the occurrence of incidents involving personal data.
The duty to notify account holders (natural persons) arises from the occurrence of any incident involving their personal data in databases related to the PIX infrastructure. Therefore, reporting is mandatory in cases where PIX’s database is involved, even if the financial or payment institution that is the participant providing the account is not responsible for the incident.
It is worth mentioning that the provisions of BACEN Resolution 347/2023 on security incidents are stricter than the provisions of the General Data Protection Law (Law No. 13,709/2018 – “LGPD”) on the same matter. The Resolution establishes the obligation to communicate the incident to the data subject even if the incident does not entail a relevant risk or damage to the data subject, while under the LGPD, communication of the security incident is only mandatory if there is a risk or damage to the data subject.
Resolution 347/2023 also establishes penalties for PIX institutions that do not meet the established technical security requirements. The penalties vary, among other factors, according to the consequences of the incident, the measures adopted by the participating institution to contain and minimize the effects of the incident, the type of institution affected, and the number of PIX keys potentially compromised by the incident.
The Resolution is already in force and its text can be accessed here.
If you wish to obtain more information on this matter, we are available at digital@kasznarleonardos.com.