{"id":3427,"date":"2017-02-06T00:00:00","date_gmt":"2017-02-06T00:00:00","guid":{"rendered":"https:\/\/dev.abes.com.br\/?p=3427"},"modified":"2017-02-06T00:00:00","modified_gmt":"2017-02-06T00:00:00","slug":"protecao-de-dados-pessoais-o-papel-do-governo","status":"publish","type":"post","link":"https:\/\/dev.abes.com.br\/en\/protecao-de-dados-pessoais-o-papel-do-governo\/","title":{"rendered":"Protection of Personal Data, the role of the Government"},"content":{"rendered":"
\n\t\"\"<\/div>\n
\n\tBy Francisco Camargo, President of ABES<\/div>\n

<\/p>\n

\n\tJanuary 6, 1978, a historic date, France is the first country in the world to create a law on information technology, archives and freedoms, according to the nomenclature of the time.<\/p>\n

\tThe concern, then, was that with the capacity of information technology, the French government would cross all citizens' databases and end the privacy of the French and the law should establish limits for that.<\/p>\n

\tSince then, governments have managed to cross-check all the data about our personal lives, they know how much we spent on credit cards during the year, what our financial transactions were, how many fines we took and, therefore, where we were, the hotels we were in. we stay, you know what we access on the internet etc.<\/p>\n

\tLet us suppose that governments act in good faith and, therefore, those who should not do not fear. The problem is that the government is capable of doing all of this and so are criminal organizations. This has to be taken into account in any national information security and data privacy policy.<\/p>\n

\tSince May 2016, Bill 5276\/2016 has been discussed, which deals with the Protection of Personal Data, which is a sensitive issue, because on the one hand, one wants to have the maximum of personal privacy, with the maximum comfort and without hindering the development of the country, in an era when the world economy turns into a data-driven economy.<\/p>\n

\tFrom an analysis of the project, article 2 draws attention :, item III:<\/p>\n

\tThe discipline of personal data protection is based on respect for privacy and:<\/em>
\n\tI-                     <\/em>Computer self-determination;<\/em><\/p>\n

\tII-                   <\/em>Freedom of expression, communication and opinion;<\/em><\/p>\n

\tIII-                  <\/em>The inviolability of intimacy, privacy, honor and image<\/u><\/em>;<\/em><\/p>\n

\tIV-                 <\/em>Economic and technological development; and <\/em><\/p>\n

\tV-                   <\/em>Free enterprise, free competition and consumer protection.<\/em><\/p>\n

\tAs well as Article 5, which describes, in its item I, the following:<\/p>\n

\tI-                     <\/em>Personal data: data related to the identified or identifiable natural person, including identifying numbers<\/u>, location data or electronic identifiers when they are related to a person;<\/em><\/p>\n

\tIn fact, privacy means that no one is going to break into your home or work to threaten you, steal it, or that no one is going to use your name, steal your identity.<\/strong><\/p>\n

\tThe following three stories, which take place every day, concretely illustrate Item III of paragraph 1 of PL 5276\/16.<\/p>\n

\tThe retiree:<\/strong><\/p>\n

\tThe phone rings, the retiree answers and those who introduce themselves say that they are part of the Central de Bancos (?):
\n\t 
\n\tCB - Good morning, I would like to speak with Ms. Leticia.
\n\t 
\n\tLe - It's her.
\n\t 
\n\tCB - Good morning mistress<\/u> Leticia, this is Alfredo, from the Audit of Central Bank<\/u>, and I would like to confirm that you really want an MCard Black Card for retirees<\/u>, with no annuity fee for the rest of your life and with a credit limit of 20 thousand reais?
\n\t 
\n\tLe - Well, does it really cost?
\n\t 
\n\tCB - Absolutely and the interest rate is the lowest in the market: 1.99% per month against 14% of other cards.
\n\t 
\n\tCB - I need to confirm some data that I already have with you, because I need positive identification that you are really Dona Leticia. I speak and the lady only confirms:
\n\t 
\n\tCB - Yours CPF<\/u> is 202.728.497-08? The Lady resides<\/u> to Rua Santa Ant\u00f4nia, 45? Your mother<\/u> is it Judith? Your Bank account<\/u> Federal is at agency 3045, account 27889-5?
\n\t 
\n\tCB - Very good, your identification is confirmed.
\n\t 
\n\tCB - To finish and you receive your MCard Black without an annual fee for the rest of your life, we need Xerox copy of your Identity Card, CPF and proof of residence<\/u>, may be the electricity bill.
\n\t 
\n\tCB - As it is an MCard Black card, we will send a messenger<\/u> to your home to collect the documents. The card and the password will be mailed to you in separate envelopes.<\/p>\n

\tShe calls her son, just before handing over the documents to the bearer, and he manages to convince her that it was all just a scam, another identity theft.<\/p>\n

\tApparently the only place where criminals could access all this data is in the INSS registry. Has the registration data been hacked?<\/em><\/p>\n

\tThe fine:<\/strong><\/p>\n

\tJos\u00e9 receives a traffic ticket for not respecting the rotation in S\u00e3o Paulo, R$ 130.16, check the photo, check the plate, check the date, check. As it is suspicious, check RENAVAN, check.
\n\t 
\n\tDo not remember to ride the car on Thursday, but come on, pay within 30 days with a discount of 20%, better pay at the bank right away to get rid of the problem and save R$ 26.00.
\n\t 
\n\tIn the licensing, months later, he verifies that that fine never existed.<\/p>\n

\tCriminals take random photos, set up the fine, with a bar code that leads to the bank account of some "orange". They got all of Jos\u00e9's data somewhere, from the sign they got to RENAVAM, from RENAVAM to his address and sent the false ticket.<\/p>\n

\tHas the registration of Detran or Contran been hacked?<\/p>\n

\tThe magazine:<\/strong><\/p>\n

\tMaria receives advertisement for the magazine in her e-mail, but on behalf of her late father. Strange, he never had an email in his life. Maria reflects on the problem and remembers that the only place where she informed her e-mail as her father's was in the Income Tax.<\/p>\n

\tHow did the magazine get access to your father's records at the IRS?
\n\t 
\n\tAs the debate on privacy and data protection now permeates society, Congress, Executive and Judiciary, it is time to go back to the origins of the problem and clearly discuss what is personal data, metadata and what is actually meant by privacy and the real role of the Government.<\/p>\n

\tNobody wants their personal data to be used by criminals to steal their identity, invade their home when they go on vacation, kidnap their children at school, and even divulge their intimacy.<\/p><\/div>\n

\n\t\"\"<\/div>\n
\n\t
\n\tArticle 5 of PL 5276\/16, item one recalls that it is personal data: including identifying numbers.<\/u><\/em><\/p>\n

\tThe most important personal data that everyone has in Brazil, their unique identification number, is their CPF number, and oddly enough, this data is public.<\/p>\n

\tDo a Google search by placing your name in the search field followed by your CPF and you will certainly find your CPF.<\/p>\n

\tAnother very important personal data is your residence, use the same search site and you will easily find your address.<\/p>\n

\tThe most important personal data, CPF and residence, are in Public Databases, which are not encrypted or have no controlled access. Any employee with the appropriate credentials can access it and no one controls the need for that access<\/u>.<\/p>\n

\tAny legal action you take part in has your CPF available to anyone who wants to see it.<\/p>\n

\tThere is even the legend that it is possible to buy the registration of Taxpayers and the INSS at Rua Santa Efig\u00eania in S\u00e3o Paulo, with the registration data and even anyone's income.<\/p>\n

\tEvidently, Justice has to be transparent, but with today's technology it is possible to encrypt data and, when presenting, use technology Format Preserved Encription<\/em>, and the data appears in the preserved format, as credit cards do:<\/p>\n

\tJos\u00e9 Antonio Silva, CPF 201.XX9.XX7-49, resident and domiciled at ALXMXXA XOX NXXBIQXXS n. 0X7X, email JXXXXO.XXXA@UOL.COM.BR.<\/em><\/p>\n

\tThis data would be enough to identify Mr. Silva, but not enough to steal his identity.<\/p>\n

\tIt bothers me to receive unwanted e-mails, as the issuer is not respecting the Code of Ethics, but it bothers me a lot more to have my identity stolen, credit cards issued in my name and an unknown debt appearing at the end of the month.<\/p>\n

\tTechnology cannot and should not override Individual Privacy, but on the contrary, in Brazil today, certainly more technology, more encryption, masked presentation of data with the preserved format, would indeed help to defend our privacy.<\/p>\n

\tThe attack on privacy does not come only from websites that aid navigation, nor from those offering shoes, but it comes mainly from the lack of technology and security in government databases at all three levels.<\/p>\n

\tData protection begins with the protection of data held by governments.<\/p>\n

\tAlthough the Federal Government has advanced in information management and security, with the launch of a national information governance policy and strategy in 2016, there is much to be done in this area, both in the federal government and in state and municipal governments.<\/p>\n

\tThere is one missing national standard<\/strong> for all levels of government, something like PCI, which is the international standard for credit cards (Payment Card Industry Data Security Standard), which defines the minimum standards for the storage and exposure of private data held by Governments, without this, privacy is not guaranteed.
\n\t 
\n\t 
\n\tFrancisco Camargo<\/strong> he is a production engineer at the Escola Polit\u00e9cnica da USP, with courses at the School of Communication and Arts at USP and at Harvard Extention School, he is an entrepreneur and a specialist in Information Security.<\/em><\/div>","protected":false},"excerpt":{"rendered":"

By Francisco Camargo, president of ABES January 6, 1978, a historic date, France is the first country in the world to create a law relating to information technology, files and freedoms, according to the nomenclature of the time. The concern, then, was that with the capacity of information technology, the French government would cross all [\u2026]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[8,19],"tags":[],"class_list":["post-3427","post","type-post","status-publish","format-standard","hentry","category-artigos","category-ultimas-noticias"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-06-14 02:10:57","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts\/3427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/comments?post=3427"}],"version-history":[{"count":0,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts\/3427\/revisions"}],"wp:attachment":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/media?parent=3427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/categories?post=3427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/tags?post=3427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}