We are currently witnessing an increase in cyberattacks all over the world. In such a scenario, it is fair to say, without any doubt, that data protection has become a matter of global alert.
At the moment, the standard in force in the European Union is a regulation known as the GDPR (General Data Protection Regulation). This regulation aims to protect and guarantee the privacy of European citizens' data.
Similarly, but in the form of a law, the LGPD was drafted to protect the data of Brazilian users and thereby ensure the privacy of their information.
Nevertheless, it is important to point out that, although the two have things in common, multinational companies that already comply with the GDPR will also need to prepare for the LGPD.
The LGPD will without a doubt change how several companies manage user information.
Any company, small or large, that runs a business and deals with information coming from clients will need to adapt to this new reality.
THE TREATMENT OF THE USER DATA ACCORDING TO THE LGPD
The LGPD regulates the treatment of personal data of all private individuals.
For this purpose, let us look at some aspects that the LGPD considers important:
- Personal data – Information related to a person in such a way that it is possible to identify him or her. The most common data for Brazilians are the CPF (Tax Payer Identification Number), passport number and ID. However, it is necessary to pay attention to other types of data as well, such as regular emails and phone numbers.
- Sensitive data – Data that concern the “racial or ethnic origin of a person, as well as their religious views, political opinions, union affiliations or to organizations of a religious, philosophical or political nature, data referring to health or sexual orientation, even genetic or biometric data, when associated to a natural person.”
- Anonymized data – Data related to a holder (natural person) who cannot be identified, “in such cases, reasonable technical means are used and made available on the occasion of its respective treatment.”
- Holder – “Natural person to whom the personal data are applicable and that are object of treatment.”
- Controller – “Natural person or legal entity, with public or private procurement, who has the duty to take decisions related to the treatment of personal data.”
- Operator – “Natural person or legal entity, with public or private rights, which carries out the treatment of personal data in the name of the controller.”
- Foreman – “Person indicated by the controller and the operator to act as a communication channel between the controller, the holders of the data and the National Authority For Data Protection (ANPD).”
UTILIZATION OF THE USER’S DATA FOR COMMERCIAL REASONS
For a company to use a user’s data for commercial ends, or to pass the information to a partner company, the user’s consent is necessary.
This consent must be explicit. It must be requested in a way that is made prominent to the user and that states the specific purposes for which the information will be used. In other words, a generic approval that might be ambiguous is not acceptable.
It is worth emphasizing that, according to Article 8 of the Law, consent shall be provided in writing or by other means that clearly demonstrate the manifestation of the will of the holder, subject to the following requirements:
- “In case the consent is provided in writing, the document will have to include a clause detached from the other contractual clauses.”
- “It is the controller’s responsibility to provide the onus of proof that the consent has been obtained in accordance to what was prescribed in this Law.”
- “It is forbidden to treat the personal data by means of vices of consent.”
- “The consent will have to refer to the purposes given, and the generic authorizations to the treatment of personal data will be void.”
- “The consent can be revoked at any moment by means of explicit manifestation of the assignee, through free and facilitated procedures, the treatments done shall be ratified under the support of the consent previously expressed, as long as there is no requirement for the elimination, under the terms of the incise VI of the main section of the article 18 of this Law.”
- “In case the information referred in the subsections I, II, III or V of the 9º article of this Law, the controller shall inform the holder, highlighting in a specific manner about the content of the alterations, considering that the holder can, in the situations that his(her) consent is demanded, to revoke if he(she) disagrees about the alteration.”
Based on those rules, it is important that companies pay attention to keeping the consent of the data holders up to date for every purpose. In particular, using a user’s data for other purposes always requires a new consent from the holder.
EXCEPTIONS ALLOWING THE UTILIZATION OF USER DATA WITHOUT PREVIOUS CONSENT
There are some exceptional circumstances in which companies are allowed to use a user’s data without previous consent. Let’s look at some of the most relevant situations provided for in the law:
- To comply with legal proceedings. Example: a judge determines that the banking transactions attached to a certain ID or CPF must be disclosed.
- For research projects carried out by survey institutions, keeping all the data collected from users confidential (anonymous) whenever possible.
- In order for the competent authorities to be able to promote campaigns related to public health.
- To prevent the creation of fraud mechanisms against the data holders.
Based on all this information, we can conclude that it is fundamental for all companies to be able to deal properly with the LGPD.
To better understand the issue, imagine that user data are a kind of virtual relic. From this perspective, it becomes essential to preserve those data so that they are not exposed illicitly.
For example, consider a hypothetical user who receives constant phone calls from several companies without his or her previous approval. Part of this user's day is taken up by unwanted phone calls.
It is for cases like this, among other situations, that the LGPD will help guarantee the protection and privacy of users' data.
However much the law represents an advance, there is no perfect protection. It is therefore important to mitigate all possible vulnerabilities, for example by creating threat response plans and increasing the protection of data from users and companies. Among the controls that can be applied, the management of the traffic and of the assets of a network will be valuable allies in this important battle for the protection of our data.
In this sense, there is no doubt about the importance of investing in network management. It brings not only better network visibility but also a way to pursue increased governance and efficiency.
With that in mind, Telcomanager, with more than 17 years of experience in the market and a leading Latin American brand in network management software, relies on a unique and innovative technology, deploying smart data monitoring solutions that provide a stratified view of the traffic and allow your company to follow the most important aspects of your network in real time.