Are there any data breach notification requirements?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.
While Brazilian law currently has no data breach notification provision that requires informing regulators, employees and others who may have been impacted by a breach should be notified. This is based on other rules and regulations relating to data protection and the right to be informed. In the event of a breach that results in damages, employees may be eligible to receive compensation.
General Data Privacy Law Security Incident Requirements
Once Brazil’s General Data Privacy Law goes into effect in February 2020, employers (and other data controllers) will be required to inform the national authority and the data subject if a security incident occurs that may create risk or damages to the data subjects.
The communication must be completed in a reasonable timeframe (to be determined) and include:
- a description of the nature of affected personal information;
- information on the data subjects involved;
- an explanation of the technical and security measures that were used to protect the data (subject to commercial and industry secrecy);
- the potential risks related to the incident;
- measures that are being taken to reverse or mitigate the damages that may occur as a result of the breach; and,
- if there is a delay in communicating the incident, the reasons for the delay.
More detailed instructions relating to responding to a data breach may be announced by the national authority (once a national authority is created) prior to the Law going into effect.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.