|
|
Much more than just a good transparency practice, communicating a personal data security incident to data subjects is a legal obligation established by the General Data Protection Law (LGPD).
The main objective of this measure is to ensure that data subjects are aware of what happened and to enable the mitigation of risks arising from the incident. Upon being informed of what happened, data subjects can take effective measures to protect their data, such as changing passwords, monitoring accounts, email and social networks, in addition to taking other security measures.
Demonstrating an organization's commitment to ensuring gambling data south korea the security of data subjects is undoubtedly a market differentiator. Rapid and effective communication demonstrates not only a commitment to data subjects, but also good faith and engagement with the protection of personal data before the market, the National Data Protection Authority (ANPD) and other regulatory bodies.
Furthermore, it is worth remembering that the adoption of good practices, such as efficient communication of the incident to the holder, can reduce by 20% the value of fines that may be applied by the ANPD, according to resolution CD/ANPD No. 4 , published on February 24, 2023.
The main standards that currently regulate the use of artificial intelligence (AI) tools in Brazil are the General Data Protection Law (LGPD), the Civil Code, the Internet Civil Framework, the Consumer Code, as well as the Federal Constitution itself.
In the specific case of the LGPD, it is notable that the law establishes a series of legal obligations and risk mitigation measures that must be used by agents who use AI tools, which includes the adoption of measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.
It is important to highlight art. 20 of the LGPD , which guarantees the data subject the right to review automated decisions based on personal data, with emphasis on personal, professional, consumer, credit or personality profiling. Access to clear and adequate information regarding these decisions and their parameters is guaranteed.
However, protection is guaranteed for commercial and industrial secrets, that is, proprietary technical knowledge that can provide a competitive advantage to a company. Such protection includes, for example, know-how on certain processes and applications. Naturally, publicly known information is not considered a business secret, nor is information that is obvious to people with notable knowledge on the subject.
|
|
發表於