Publications - 11/10/21

Practical Impacts of the Brazilian Data Protection Law (LGPD): Insurance against cyber-attacks became more expensive in Brazil

The administrative sanctions established in the Brazilian Law nº 13.709/2018, the Brazilian Data Protection Law (“LGPD”), came into force in August, 2021[1], and combined with the substantial growth in the digitalization of work cause by the Covid-19 pandemic, is responsible to the increase for the demand and of prices of insurance against cyber-attacks in Brazil.

Article 52 of LGPD provides for administrative sanctions for agents who violate the rules established in the law, which include fines that can reach up to R$ 50 million. Also, companies that process personal data in the terms of LGPD are still required to repair material, moral, individual or collective damages caused as a result of the its data processing activity in violation of the data protection legislation.

In this sense cyber-attacks represent a point that imposes privacy risk that must be properly addressed in order to companies to comply with LGPD, especially in cases where there is a large volume of personal data and/or processing of sensitive personal data.

In addition to having privacy security systems in place, the contracting of insurance against cyber-attacks is on the rise, due to the unpredictability of these events and the possibility of companies of being charged with fines and the liability for repairing damages suffered by data subjects, established in the LGPD.

According to data from the Brazilian Superintendence of Private Insurance (“SUSEP”), due to the growth of cybercrimes and information leaks, premiums issued by insurance companies resulting from cyber-attacks increased from about R$ 811.5 thousand in 2019 to R$ 31.6 million in 2020. In 2021, until June, the indemnities paid by insurance companies, as disclosed by SUSEP, corresponded to R$ 41 million, thus following the growth trend.



[1] For more information regarding the entry into force and to understand the administrative sanctions established in the LGPD check out our published article on the topic available in the following link: http://dprlaw.com.br/publications/brazilian-general-data-protection-law-lgpd-administrative-sanctions-come-into-force-next-week/