An Overview Of Cybersecurity Regulations In Brazil

In Brazil, different regulatory agencies deal with cybersecurity regulations. These regulatory agencies include the Central Bank, the Securities and Exchange Commission, the National Telecommunications Agency and the Brazilian Private Insurance Authority. 

cyberattacks, An Overview Of Cybersecurity Regulations In Brazil

RIO DE JANEIRO, BRAZIL – In the digital world, interconnectivity plays an extremely important role and it comes with both its pros and cons. For instance, interconnectivity allows businesses to run smoothly, however, at the same time, it also poses a threat to compromising confidential information with cyberattacks.

In the past few years, the cybersecurity threat has increased all across the globe and it has spared no one from cyberattacks. Private organizations, government institutes, financial institutions, and individuals, all have been victims of cyberattacks.

In Brazil, the most common form of cyberattacks in recent past years have been fraud, scams, worms, intrusions, and denial-of-service or DoS attacks. Rising instances of this have given cybersecurity regulations the limelight that it deserves. 

Who Deals With Cybersecurity Regulations In Brazil?

In Brazil, different regulatory agencies deal with cybersecurity regulations. These regulatory agencies include the Central Bank, the Securities and Exchange Commission, the National Telecommunications Agency, and the Brazilian Private Insurance Authority. 

The Central Bank regulates the cybersecurity measures that are taken in various financial and payment institutions. The Securities and Exchange Commission establishes the rules and the required procedures to operate the rules in the regulated securities markets.

The National Telecommunications Agency plays a vital role in creating cybersecurity regulations that are applicable to the public interest of telecoms. Lastly, the Brazilian Private Insurance Authority works toward meeting the cybersecurity requirements of the different local reinsurers, capitalization companies, pension companies and insurance companies. 

General Data Protection Law of Brazil 

The General Data Protection Law of Brazil regulates the law that deals with how the personal data of individuals are collected and then is used, processed and stored. These laws play a vital role when it comes to maintaining the relationship between the customers and employers, employees and suppliers. Basically, it deals with everything where personal data is collected both in the digital and the physical space. 

cyberattacks, An Overview Of Cybersecurity Regulations In Brazil
Individuals can equip themselves to fight phishing attacks or find their IP address on What Is My IP and take the necessary measures for hiding the IP address to stay safe digitally (Photo internet reproduction)

It is important to realize that cybersecurity measures need to be taken both by the government and the individuals. Individuals can equip themselves to fight phishing attacks or find their IP address on What Is My IP and take the necessary measures for hiding the IP address to stay safe digitally. The General Protection Law of Brazil asks the stakeholders to implement the necessary security measures for maintaining technical and organizational security to avoid any unlawful or accidental situation that can result in any destruction, change or loss of data. On the other hand, the Brazilian Data Protection Authority works with the measures that need to be adopted in order to assess the penalties that the companies have to bear for the data breaches and other non-compliance rules. 

In addition to that, there are also laws that deal with critical infrastructure like services, assets and facilities whose destruction or interruption can have economic, social, national, political and international impact. Currently, cybersecurity and critical infrastructure play a critical role for the Brazilian Government. Work is still carried on to ensure proper implementation of the cybersecurity regulations in the country. 

The latest law, the National Cybersecurity Strategy is a soft law that was introduced in 2020. With this new law, the government is aiming to guide Brazilian society on the different cybersecurity measures that the government wants to take place between 2020 and 2023. However, this law is not legally binding but still plays an active role as it acts as an important tool for the government to improve the cybersecurity measures taken in the country. 

Brazil has been constantly working towards strengthening different regulations on cybersecurity by bringing in strong cybersecurity policies from time to time. The country is also a member of the Budapest Convention, an international convention that works by exchanging different jurisdictions for investigating cybercrimes. Being a part of this convention plays a critical role for Brazil in improving the cybersecurity measures implemented in the country by enabling them to keep pace with other countries in fighting cybercrimes. 

Brazil has already introduced different laws, institutions and regulations for cybersecurity. However, there is still a scope for improvement in the area which can be strengthened by ensuring cooperation between different stakeholders like the private and public sector, the academic community and civil society.