BRAZIL Trends and Developments Contributed by: Juliana Abrusio and Mario Cosac, Machado Meyer
address, photo, credit score, income, Internal Revenue Service status and National Social Security Institute ( Instituto Nacional do Seguro Social , or INSS) number were made available on the internet. Part of the data was published for free, such as name and CPF number, while the complete set was sold online. Most recently, during the CNCiber meeting held on 4 December 2024, a new proposal for the E-Ciber text was presented. Now that sug - gestions and changes have been made by the members, the new text should be approved and formalised soon. The new E-Ciber will include a new regulatory agenda, as well as directions for new recommendations to the technology market and digital service providers, in addition to sug - gesting possible legal frameworks to strengthen cybersecurity governance in the country. At the same time, Brazil has sought to improve mechanisms for sharing information about inci - dents and vulnerabilities between the public and private sectors. The creation of Computer Secu - rity Incident Response Team (CSIRT) centres has been encouraged, with the aim of strengthening the capacity to prevent, detect and respond to cybersecurity incidents. Currently, the country has the Cyber Incident Prevention, Handling and Response Centre of the Brazilian Government ( Centro de Prevenção, Tratamento e Resposta a Incidentes Cibernéticos de Governo , or CTIR Gov), which is responsible for co-ordinating cybersecurity actions at government level. In addition, it is worth mentioning the Brazil - ian Strategy for Digital Transformation ( Estra- tégia Brasileira para a Transformação Digital , or “E-Digital”) and the National Information Secu - rity Policy ( Política Nacional de Segurança da Informação , or PNSI). The latter offers a diagno - sis of the challenges of the digital transforma -
tion of Brazilian society and establishes strategic actions, setting trust in the digital environment as one of its axes. E-Digital is focused on two areas, which are: • protection of rights and privacy; and • defence and security in the digital environ - ment. It also presents eight strategic actions, which include the draft of a national cybersecurity pol - icy and a national plan to prevent incidents and cybersecurity threats. Finally, the PNSI was approved through Decree No 9.637/2018 and established within the scope of the entire federal public administration. The PNSI covers: • cybersecurity; • cyberdefence; • physical security and protection of organisa - tional data; and • actions aimed at ensuring the availability, integrity, confidentiality and authenticity of information. This policy is implemented through the Nation - al Information Security Strategy ( Estratégia Nacional de Segurança da Informação , or ENSI) and national plans. Brazilian Data Protection Authority The Brazilian Data Protection Authority ( Autori- dade Nacional de Proteção de Dados , or ANPD) is the entity responsible for overseeing data processing activities, ensuring the protection of personal data. Therefore, its regulation affects all sectors where there is data processing activity, according to the Brazilian General Data Protec - tion Regulation ( Lei Geral de Proteção de Dados ,
63
CHAMBERS.COM
Powered by FlippingBook