Blog Image
Profile Image Verifile
February 6 2015
From: https://www.huntonprivacyblog.com/2015/02/06/brazil-releases-draft-personal-data-protection-bill/

The Brazilian government issued the Preliminary Draft Bill for the Protection of Personal Data

Hunton, Andrews Kurth reports that on January 28, 2015, the Brazilian government issued the Preliminary Draft Bill for the Protection of Personal Data (Anteprojeto de Lei para a Proteção de Dados Pessoais) on a website specifically created for public debate on the draft bill. The text of the bill (in Portuguese) is available on the website. (http://participacao.mj.gov.br/)

The draft bill applies to individuals and companies that process personal data via automated means, provided that the (1) processing occurs in Brazil or (2) personal data was collected in Brazil. The draft bill would impose data protection obligations and requirements on businesses processing personal data in Brazil, including a:

  • Requirement to obtain free, express, specific and informed consent to process personal data, with limited exceptions. For example, consent is not required if the personal data is processed to (1) comply with a legal obligation or (2) implement pre-contractual procedures or obligations related to an agreement in which the data subject is a party.
  • Prohibition on processing sensitive personal data, except in limited circumstances. For example, sensitive personal data may be processed with the specific consent of the data subject after the data subject has been informed of the risks associated with processing the sensitive personal data. Sensitive personal data includes, among other information, racial and ethnic origins, religious, philosophical or moral beliefs, political opinions, health and sexual orientation information, and genetic data.
  • Obligation to immediately report data breaches to the competent authority.
  • Requirement to allow data subjects access to their personal data and correct it if it is incomplete, inaccurate or out-of-date, with limited exceptions.
  • Restriction from transferring personal data to countries that do not provide similar levels of data protection.
  • Obligation to adopt information security measures that are proportional to the personal data processed and protect the information from unauthorized access, destruction, loss, alteration, communication or dissemination.

The draft bill contains penalties for violations, including fines and the suspension or prohibition of processing personal data for up to 10 years.

Popular Articles

Queens Award Ceremony

Great excitement at the Verifile offices yesterday as we were presented with our Queen’s Award Grant of Appointment and crystal bowl by Her Majesty’s Lord-Lieutenant for Bedfordshire

Read more

candidates bearing false degrees

Recruiters warned not to take degrees at face value in light of closures of 75 websites offering fake degrees

Read more

Verifile wins prestigious Queen’s Award

Today, I am thrilled to announce that Verifile has been awarded the Queen’s Award for Enterprise in the category of International Trade. Our award recognises the outstanding growth in our overseas sales over the past six years.

Read more

Background Screening and CV Verification

Screening the CVs of potential employees can be a time consuming and expensive process which has just become a lot quicker, easier and cost effective!

Read more