By: Leonardo Neri
Released last September, the new General Data Protection Law had its first court order for search and seizure based on its rule last week, 10/06.
The Judiciary of São Paulo granted the warrant due to a suspected misuse of undisclosed personal data of clients of a health brokerage firm. For this act, the owners of the company will be charged in civil and criminal proceedings.
It is worth noting that the measure taken by the São Paulo court will have greater effects on other companies that use virtual data in a similar way to the brokerage firm in question, mainly in the regions of São Paulo and Rio de Janeiro, warning of a rapid adaptation to the new rules in force.
When dealing with the health area, it is extremely important to note that the health segmental organization has a high flow of data sensitivity, requiring extra care to update and adapt this information, and in the same way, strictly following the new tools presented by the LGPD, especially the maintenance of security and processes that involve this data within corporations.
Furthermore, due to such negligence, fines for improper use of data can reach up to R$1,400,000, increasing depending on the company, the case, the economic condition of the affected party, the degree of damage, the severity of the rights affected, recidivism, etc., and will be applied from August 2021. However, fines may be based on the assumption of personal information leaks, such as payments, health data, calls, emails and inappropriate messages.
Finally, the penalties and fines of the new LGPD present: Publication of the violation: The company makes the act public and those who seek it will have access to what happened. Blocking of affected data: Administrative sanction that prevents the use of personal data that has been the target of bad actions. Warning: Previous penalty for the company to adapt to the new rules, otherwise a fine will be applied. Daily Fine: Until the fault is corrected. Simple fine based on revenue: Up to 2% of billing. Deletion of personal data: Last penalty, imposes the complete deletion of the client's personal data from their respective service.
Source: O Globo / https://damiaosomaxi.jusbrasil.com.br/noticias/1230032495/justica-cumpre-primeira-busca-e-apreensao-com-base-na-lgpd