ANPD Updates Information Security Incident Notification Guidelines

Cristiane Manzueto, Rodrigo Leal, and Flavia Telles of Mayer Brown write:

The Brazilian National Data Protection Authority (ANPD) has published new guidelines on information security incident notifications, which are required whenever an incident is likely to create risks or cause significant damages to data subjects.

In summary, here are the new updates:

A new form for Security Incident Notifications (CIS) has been made available for use as of January 1, 2023.

It was confirmed that the obligation to report incidents directly to the ANPD is imposed only on the controllers—removing any doubt that this obligation could fall on the processors, but processors should always report the incidents to their controllers). ANPD also recommended that these duties be provided for in contracts signed between the parties…..

Read more about the new guidelines at Mayer Brown.

Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Romanian prisoner hacks prison IT system in plot made for a Netflix movie
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
UK: 'Catastrophic' attack as Russians hack files on EIGHT MoD bases and post them on the dark web
A business's cyber insurance policy included ransom coverage, but when they needed it, the insurer refused to pay. Why?

Related: