Auxílio Brasil: those who had leaked data can win R$15 thousand – 09/21/2023 – Market

The 1st Federal Civil Court of São Paulo determined that around 4 million people be compensated R$15,000 for having been victims of data leaks in the second half of 2022. Most of them were beneficiaries of the Auxílio Brasil program, boosted in on the eve of the presidential election.

The amount must be paid by Caixa Econômica Federal, Dataprev (federal government technology company responsible for online services), ANPD (National Data Protection Authority) and the Union. The action was filed by Instituto Sigilo, and the sentence was published in last day 6.

The list of people whose names were leaked is not public. For this reason, judge Marco Aurelio de Mello Castrianni ordered that all defendants notify by letter those people who will receive compensation. But companies and entities can still appeal the first instance decision.

Caixa informed the Sheet which has already appealed. “The bank clarifies that it did not identify, in a preliminary analysis, a data leak under its custody and reinforces that it has adequate infrastructure to maintain the integrity of its database and the security of the Single Registry systems, ensuring compliance with the precepts set out in the LGPD “, he stated in a note.

The ANPD said it will appeal, but added that it will only comment on the decision after being formally notified about it. A Sheet there was no response from Dataprev.

According to Instituto Sigilo, which cites a report from Brazilian Report, the leaks included full address, cell phone number, date of birth, value of the benefit received and NIS (Social Identification Number) and CadSUS numbers. This data reached banking correspondents, who used the information to offer loans and other financial products.

For the Federal Public Ministry, the fact that the leak occurred in companies and public bodies to which millions of Brazilians trusted the protection of their data makes the case even more serious. “This violated data remains in the registry and database of countless institutions, as well as in the possession of third parties who can easily make malicious and fraudulent use of this information, to the clear material, moral and social harm of these citizens”, highlighted the prosecutor of the Republic Karen Louise Jeanette Kahn.

In addition to compensating the victims, the judge ordered the defendants to pay R$40 million for collective moral damages, an amount that will be donated to the Fund for the Defense of Diffuse Rights.

Companies will also need to communicate to data subjects the occurrence of the security incident that resulted in the leak, the measures taken to mitigate the consequences and plans to resolve any risks. The court decision also established the review of data storage systems, the development of security and preventive control mechanisms and the provision of records and information related to breaches of confidentiality.

Finally, the magistrate denied the MPF’s request for the production of expertise on the institutions’ IT system.