Cybersecurity & Data Privacy
Decree No. 10,222, published on February 6, 2020, continues the Brazilian National Information Security Policy (Decree No. 9,637/2018), approving the Brazilian National Cybersecurity Strategy.
In 2018, the Brazilian National Information Security Policy established principles, objectives, instruments, attributions and competencies about information security for the bodies and entities of federal Public Administration, through the prism of governance. In addition, it provided for the elaboration of the Brazilian National Information Security Strategy, which should include, among others, Cybersecurity issue.
The Brazilian National Cybersecurity Strategy establishes guidelines regarding the actions intended by the government, nationally and internationally, in the field of cybersecurity, for the next four years. The new Decree is the result of a diagnosis of the cybersecurity’s scenario in Brazil and across the globe, and the evaluation of strategies concerning cybersecurity in other countries. Thereafter, national strategic objectives and action axes were established.
The main guidelines pointed out by the Decree aim to make Brazil more prosperous and reliable in the digital environment, increase the Brazilian resilience to cyber threats and strengthen the Brazilian performance in cybersecurity internationally.
The strategic measures brought by the Decree include, for example, the strengthening of cyber governance measures, through governance forums; the establishment of minimum cybersecurity requirements; and the adoption of international standards in product development.
There is also provision for the establishment of a centralized governance model in national level; enhancement of the legal framework regarding cybersecurity; the expansion of the partnership between the public sector, the private sector, the academia and the society; the incentive for conceiving innovative solutions; among others.
The signing of the Decree is in line with the moment of high demand for the regulation of the matter in Brazil, especially considering that the Brazilian General Data Protection Law (Law No. 13,709/2018) comes into force in August, 2020.
The public and private sectors must be increasingly prepared to respond to this issue, with due regard to the new rules that are being incorporated by the Brazilian legal system.