As organizations in Brazil start to follow the principles of data privacy regulatory standards, they must better understand what sensitive data really is and how to manage it for ensuring compliance.
A definitive look at Brazil’s data privacy laws
Largely aligned to the General Data Protection Act (GDPR), The Brazilian General Data Protection Law (LGPD) is the first comprehensive data privacy and protection law in the country. Before the release of LGPD, data privacy regulations in Brazil were mostly dispersed across legislations. For instance, Federal Law no. 12,965/2014 (a part of the Brazilian Internet Act) imposes limited requirements around the security and privacy of personal data.
What is LGPD?
In force since September 2020, the LGPD has finally come to a regulatory draft after multiple postponements. Regulatory investigations and penalties, however, have only started since August 2021.
According to the iapp, all companies incorporated in Brazil that possess or process the information of Brazilian nationals are expected to comply with the regulation. And companies that fail to comply with the law’s terms may receive a fine up to 2% of their sales revenue, or about $50 million Brazilian Real. This number is almost equal to about USD 12 Million.
Regulatory policies in Brazil
While LGPD has recently come to regulate personal data of Brazilians, there have been a number of general legislative laws that impact data protection. For instance, the Access to Information Law secures the rights to public information in Brazil. The Brazilian Civil Code also protects the rights of citizens on their personal data. As mentioned before, the Brazilian Internet Law also regulates the use of personal data by business entities in Brazil.
Stay ahead of LGPD – and future regulations
Efforts to keep policies up to date or train employees on policies in practice might not be all that companies would need to ensure compliance with the LGPD regulation. In today’s technologically driven world, electronic data of businesses remains dispersed across multiple channels and platforms.
And majority of the sensitive data, especially personal information of individuals, is shared on mobile devices. These mobile communications must be captured and archived to ensure mobile compliance. Therefore, the implementation of a text message archiving solution is one of the key steps to achieving compliance with the LGPD regulation.
The future of privatization in Brazil
As per a release from 2019, Brazil had planned to raise 1.3 trillion reais ($323 billion) in the near future through auctions of licenses to operate critical infrastructure such as oil wells, airports, and ports, and also through the privatization of state-owned companies. In fact, Brazil had privatized or sold state assets worth more than $23.5 billion in the year 2019.
This definitely raises a hint of the upcoming drastic regulatory movements and political challenges in the country. With the increase in private enterprises, regulatory coverage will increase, and more companies will need to track their compliance status. Soon, more businesses will need to archive their electronic records such as mobile communications as a result. In such a scenario, the use of financial regulation text message archiving solutions will be critical.
Brazilian financial sector regulatory structure
The financial sector regulatory structure in Brazil is backed by four specific regulatory bodies. Following are the ones.
- CVM (securities) that regulates the capital markets and all its participants in Brazil
- Central Bank (prudential & financial institution supervision) that monitors threats from both macro and micro perspectives on SFN’s stability and individual financial institutions
- SUSEP (insurance) attempts to guarantee consumers more security and control in accessing their personal data
- PREVIC (pension)
All four regulators function under the National Monetary Council (Conselho Monetário Nacional – CMN) and work towards a shared vision of protecting sensitive data in the financial institutions. These standards impose mandates and create an imperative for businesses to ensure mobile compliance by using financial regulation text message archiving solutions.
Employee communication monitoring
The typical ways of monitoring employee communication have mostly been revolving around emails and social media activity. However, since the Covid 19 pandemic, a lot of businesses have been operating virtually and the use of mobile channels for communication have simply exploded. This has created an urgency for risk and compliance teams to monitor and archive text messages for ensuring mobile compliance.
The Anatel (Brazil) approach to quality of service monitoring for mobile services
As per the latest update, the regulator monitors the quality of mobile telephony in six parameters. The parameters of the regulatory standard are reported in each numbering area under the quality of voice and in each federated region under the quality of data. The broadband quality is also monitored under the same standard. Other technical specifications include metrics like signal strength and portability facilities.
How to use a text message archiver to ensure compliance with LGPD?
By capturing and archiving mobile text messages, businesses can directly capture data from mobile carriers to keep up recordkeeping initiatives of personal data in Brazil and comply with LGPD. The text message archiver, however, must empower businesses to archive text messages and record voice calls to meet compliance obligations.
Enforcement powers of data protection authorities
In its most true nature, data protection authorities and regulatory bodies monitor whether individuals can exercise their rights concerning personal data and evaluate whether the personal data processed by businesses comply with their standards.
If the regulator is suspicious of a violation, the body has the right to execute various investigative powers. In such a case, regulatory enquiries usually track the overall data governance of businesses or advise them to produce specific datasets. On the other hand, if the regulator concludes that a violation has taken place and has been confirmed with evidence, the body may impose administrative fines. To illustrate, the maximum fine for a violation is 2% of an entity’s revenue in Brazil for the prior fiscal year. The levied fines can go up to a total maximum of 50 million reals.
E-discovery
A text message archiving solution is only as good as the degree to which it supports risk management and regulatory compliance. And in both the cases, e-discovery plays a key role.
About TeleMessage
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
- Network Archiver
- Enterprise Number Archiver
- Android Archiver
- WhatsApp Archiver
- WeChat Archiver
- Signal Archiver
- Telegram Archiver
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.
