Data Breaches on the Rise in Brazil

It should come as no surprise that data breaches in Brazil are on the rise. In fact, they’re on the rise everywhere. The real question is whether Brazil’s ready. The government may say it is, but reality could prove otherwise.

In September of last year, Federal Law 13,709/2018, Brazil’s General Data Protection Law or LGPD, entered into force. The law, modeled after the EU’s General Data Protection Law (GDPR), is a comprehensive body of data protection regulations.

Yet even with the new law, it’s unclear whether Brazil’s ready to protect against data breaches. Most companies still lack even basic protections. Far too many businesses rely on websites that transmit data without using a secure protocol. Others don’t properly encrypt user data, and many more don’t offer 2FA.

Recent attacks announced by Porto Seguro, one of the largest insurance companies in Brazil, as well as CVC, one of largest travel agencies in Brazil, highlight the struggle. Now imagine the small accounting firms and law offices that hold sensitive client data. They’re all major targets for hackers.

Perhaps the biggest problem is that Brazilians tend to lack basic knowledge about data privacy protections. Unlike in the US where certain information, such as social security numbers, are top secret, Brazilians tend to hand out their tax ID number to whoever asks for it.

Laws can be helpful deterrents, but if Brazil has a true interest in protecting data, it must engage with society. A public interest campaign designed to teach data privacy hygiene will be necessary if Brazil intends to win the battle.