Recent events increase the importance of a data protection culture
Living in a data economy is nothing new. All online and offline activities revolve around this strategic asset. Among the immediate results is the Internet of Behavior (IoB), which combines data derived from technologies focused directly on individuals (facial recognition, location tracking, big data) with associated behavioral events (use of devices, purchases).
At the same time, there is an increase in technological risks, such as cyber attacks, breakdown of information infrastructure, fraud or data theft, among other security incidents. This scenario favors crimes committed through electronic media, such as WhatsApp cloning, phishing, fraudulent e-commerce sites, ransomware (hijacking of data) and scams involving PIX, the most recurring, according to information available in the booklet of the Civil Police of São Paulo.
In this context, preventive action by organizations is essential to disseminate a culture of privacy and data protection, anticipating problems and risks. This implies the adoption of security, technical and administrative measures to achieve these objectives from the design of the product or service to its delivery, preventing these incidents, as well as identifying, mitigating and excluding risks.
Recently, another major data leak has made international news. This time, a set of more than 3.27 billion access credentials (emails and passwords) to major services (Netflix, LinkedIn, Exploit.in, Bitcoin etc.) is being made available for free on hacking forums. Users are advised to change their passwords, activate two-step verification systems and use password managers.
In Brazil, the Superior Court of Justice (STJ) issued a statement alerting society in general about the sending of phishing emails, improperly credited to the STJ, whose purpose is to illegally obtain personal data from the victims. Such messages generally contain requests to confirm credentials, account, passwords and other sensitive information, as well as incorrect versions of a legitimate URL.
These circumstances undoubtedly expand the importance of maintaining adherence to good practices in privacy and data protection. The governance program in this area needs to include mechanisms aimed at systematic assessment of impacts and risks to privacy and internal and external supervision, in addition to incident response plans, safety standards, technical standards and educational actions.
It is crucial, therefore, to spread a culture around privacy and data protection, which will provide a shared understanding of how these assets should be used in order to support strategic objectives. This means making these values central pillars of the organizational culture, improving the capacity to execute the governance program and maintaining compliance with legal data protection obligations.
Wilson Sales Belchior