Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

Ferrão, Sâmmara Éllen Renner; Carvalho, Artur Potiguara; Canedo, Edna Dias; Mota, Alana Paula Barbosa; Costa, Pedro Henrique Teixeira; Cerqueira, Anderson Jefferson

doi:10.3390/info12040168

Cited by 16 publications

(14 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Desta forma, com esse alcance mundial da GDPR, o Brasil sancionou, em 14 de agosto de 2018, a Lei Geral de Proteção de Dados (LGPD), Lei nº 13.709 (BRASIL, 2018), que entrou em vigor em 18 de setembro de 2020, e tem, como base na GDPR, a finalidade de estabelecer as diretrizes para a coleta, o processamento, o armazenamento e o tratamento de dados pessoais no Brasil (BRASIL, 2018;FERRÃO et al, 2021;PELLOSO PIURCOSKY et al, 2019;SILVA;CALEGARI;GOMES, 2019).…”

Section: A Lei Geral De Proteção De Dadosunclassified

“…Assim, o tratamento desses dados sensíveis está na Seção II -Do tratamento de dados Pessoais Sensíveis, arts. 11, 12 e 13 (BRASIL, 2018) e é considerado o principal objetivo da aplicabilidade da LGPD (FERRÃO et al, 2021).…”

Section: A Lei Geral De Proteção De Dadosunclassified

“…Além disso, caberá a esses responsáveis e suas organizações a formulação de PCA que se adeque a LGPD, buscando a implementação de normas de privacidade e segurança, padrões técnicos, obrigações para aqueles que tratam os dados, ações educativas para empregados/servidores e, por fim, supervisão de riscos envolvendo o tratamento de dados pessoais, o que trará mais transparência para as organizações brasileiras e o comprometimento com seus usuários (BRASIL, 2018;FERRÃO et al, 2021).…”

Section: A Lei Geral De Proteção De Dadosunclassified

See 2 more Smart Citations

Framework Conceitual Utilizando BPM para Identificação e Tratamento de Dados Pessoais e Sensíveis de Doadores de um Serviço de Hemoterapia

Pires¹,

Costa²,

Santos³

et al. 2023

Anais Da 2ª Conferência Brasileira De Planejamento Experimental E Análise De Dados: ConBraPA 2022

View full text Add to dashboard Cite

Resumo: Os estoques de bolsas de sangue para atender à população de pacientes que necessitam ser transfundidos é uma das principais preocupações dos serviços de hemoterapias dos Hospitais Públicos. A complexidade de gerenciamento da cadeia de suprimento de sangue abrange desde a captação de doadores de sangue até a dispensação das bolsas de sangue para serem transfundidas. Entender os processos da cadeia e manter a segurança dos dados pessoais e sensíveis dos doadores passa a ser uma das premissas para as organizações públicas de saúde. Objetivo: a pesquisa tem como objetivo a criação e aplicação de um framework conceitual que utiliza as abordagens e os conceitos de Business Process Management para apoiar o gerenciamento e a segurança dos dados pessoais de DS. Materiais e Métodos: o método adotado foi a revisão de literatura com base em artigos científicos e o uso do BPM na construção do framework conceitual e aplicá-lo em um serviço de hemoterapia de um Hospital Público Federal (HPF) -Brasil. Resultados: por meio do mapeamento do processo de doação de sangue e utilizando o framework conceitual, foram evidenciadas possíveis falhas que podem expor os dados pessoais e sensíveis de candidatos à doação de sangue que estariam em desconformidade com a Lei Geral de Proteção de Dados. Conclusão: A utilização do framework conceitual com BPM para modelar um processo organizacional facilita a identificação das vulnerabilidades dos dados pessoais e sensíveis do cidadão que circulam neste processo e estão em desacordo com as normas da Lei.

show abstract

Section: A Lei Geral De Proteção De Dadosunclassified

See 1 more Smart Citation

Framework Conceitual Utilizando BPM para Identificação e Tratamento de Dados Pessoais e Sensíveis de Doadores de um Serviço de Hemoterapia

Pires¹,

Costa²,

Santos³

et al. 2023

Anais Da 2ª Conferência Brasileira De Planejamento Experimental E Análise De Dados: ConBraPA 2022

View full text Add to dashboard Cite

show abstract

“…As we find out that there are more that regulation and laws concern privacy disclosure. For instance, Brazilian citizens' complaints regarding data privacy are rising by the day, particularly with the access into force of the General Data Protection Law (LGPD) [34]. The purpose of the Act is to regulate the handling of personal data.…”

Section: Related Workmentioning

confidence: 99%

A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design

Alkubaisy

Piras

Al-Obeidallah

et al. 2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts 1 .

show abstract

“…This Law applies to organizations in Brazil and organizations that are not physically located in Brazil but offer goods and services or process personal data in Brazil, and its primary purpose is the processing of individuals’ personal data, i.e., information related to an identified natural person, such as name, age, marital status, and documents, performed by controllers and processors [ 2 ]. Regarding data privacy, several models were proposed with principles similar to LGPD [ 21 , 22 ], among them ISO/IEC 29100 – Information technology — Security techniques — Privacy framework [ 23 ] and the General Data Protection Regulation – GDPR [ 1 , 24 ]. GDPR started effect in the European Union (EU) on May 25, 2018, through the Regulation EU 2016/679 [ 1 ].…”

Section: Background and Related Workmentioning

confidence: 99%

Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation

et al. 2022

Self Cite

View full text Add to dashboard Cite

The Brazilian General Data Protection Law (LGPD) implementation has impacted activities carried out by the software development teams. Due to it, developers had to become aware of the existing techniques and tools to carry out privacy requirements elicitation. Extending our previous work, we have investigated the actions taken by organizations regarding the LGPD, specifically in software development, considering the perception of agile development teams after two years of the LGPD implementation. In addition, we also investigated the perception of an agile team regarding the practices, techniques, and tools previously cited by practitioners as potential solutions for use in this context, along with techniques already in use in the current context. We have conducted a systematic literature review (SLR) and selected 36 primary studies. Furthermore, we have conducted a survey with 53 IT practitioners and semi-structured interviews with ten practitioners. The LGPD principles are known by most agile teams and are being implemented by the organizations, although the existing tools to support privacy requirements elicitation are still underused by agile teams. Moreover, agile teams consider that software requirements and software construction are the most impacted areas of knowledge by the LGPD, and most of them use user stories in privacy requirements elicitation. Our findings reveal that agile teams and Brazilian organizations are more concerned with user data privacy issues after the LGPD became effective. However, agile teams still face challenges in privacy requirements elicitation.

show abstract

Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

Cited by 16 publications

References 22 publications

Framework Conceitual Utilizando BPM para Identificação e Tratamento de Dados Pessoais e Sensíveis de Doadores de um Serviço de Hemoterapia

Framework Conceitual Utilizando BPM para Identificação e Tratamento de Dados Pessoais e Sensíveis de Doadores de um Serviço de Hemoterapia

A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design

Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation

Contact Info

Product

Resources

About