The Brazilian government has launched a system to mitigate security risks stemming from non compliance with the General Data Protection Regulations within federal government bodies.
The measures, intended to guide central government bodies to analyze risks to citizen privacy in relation to personal data, also include a series of guides aimed at supporting the effective application of the rules.
Launched by the Digital Government Secretariat (DGS), the toolkit is described as a resource to ensure compliance with the data protection law and avoid situations where personal data may be compromised. The DGS noted this is particularly critical as more services are delivered online, citing examples such as requesting the government’s emergency aid during the Covid-19 pandemic through digital means, or in the social security system, in procedures such as the digital proof of life for pensioners.
The DGS system enables the investigation of possible security and privacy gaps in the systems of federal government agencies, as well as contracts and processes in which personal data may need to be analyzed. The platform allows data protection officers to assess 14 different risk levels, through the completion of a questionnaire on the specific case online.
“The [geral data protection legislation] requires much more transparency and adequate management of citizens’ data than the federal government agencies [previously] had to deal with for public policies”, said the digital government secretary at the Ministry of Economy, Luis Felipe Monteiro.
According to Monteiro, data collection was already an everyday practice within the Brazilian federal government, but before the regulations were enforced last year there was no specific focus and coordination around privacy and data protection.
“GOV.BR must protect citizens’ data and ensure their privacy, including the right to know who, where and how their data is being used”, he noted, referring to the platform that consolidates online citizen service provision from central government bodies.
The guides published by the SDG in addition to the assessment platform were produced to guide professionals working with data processing in the federal government. The material is primarily aimed at public servants, but can be consulted by anyone interested in knowing the procedures adopted for the practical application of the Brazilian data protection framework.
The measures follow the SDG announcement in January that all central government organizations in Brazil must appoint a data protection officer (DPO), who will be responsible for the appropriate treatment of personal data at each institution.