Leonardo Militelli, Alexsandro Calhau, Thomaz Côrte Real, Paulo Sanches, Leonardo Militelli and Carlos Sacco
Meeting debated LGPD compliance in the insurance sector
In Militelli's assessment, the main virtue of the LGPD is that it horizontally involves all companies, regardless of size, and all company employees and partners. “Everyone is responsible. In Europe, where GDPR is in force, fines have already started to be applied. It is necessary to foster maturity in society”, he adds.
Carlos Alberto Sacco, director of Relationship and Services at ABES, emphasized the importance of trade associations, since such entities can help companies adapt to the new regulations, as ABES has been doing. He cited the implementation of the One Ethics Company Program, which encourages the use of compliance programs in the IT sector. “Today we have more than 200 bills in progress that directly affect our business. Therefore, this union is important so that we can defend positive points and work to reject those that may have negative impacts”. Sacco also presented examples of recent breaches and attacks in Europe to illustrate the diversity of situations in which data is at risk.
Challenges and opportunities
The morning of debates continued with a panel featuring Militelli; Thomaz Côrte Real, a lawyer specialized in Technological Law and member of the ABES Legal Department; Alexsandro dos Santos Calhau, managing partner of A2G Corretora de Seguros, specialized in insurance for class entities and their associates; Paulo Sanches, responsible for the Information Security area at SulAmérica Seguros; and Alexandre Correa, from the Internal Controls sector of the Bradesco Seguros Group. The panel was moderated by Andriei Guerreiro Gutierrez, coordinator of the ABES Regulatory Committee and coordinator of the Movimento Brasil, País Digital.
Gutierrez raised several questions about the impacts of the LGPD on the insurance sector, such as the different levels of responsibility in the collection, treatment and control of data, which involve not only insurance companies but also brokers and partners. “How to achieve compliance across this ecosystem?” He also asked about the treatment of legacy data, risk assessment, the possibility of requesting a review of automated decisions, and how fraud prevention will be carried out.
For Alexandre Correia, it is necessary to have a vision of the entire process. He explains that there are two models of brokers: those in the market and those that trade within the company. “Our idea is mapping, ranking the most sensitive points, contractual issues and checking in loco whether the environment complies. This can even be done by the company itself or through an audit”.
Good habits
“At first I was very critical, but after studying a lot, I saw that LGPD is not terror. The principle of the Law is good faith”, highlighted Thomaz Côrte Real. He bets that if companies demonstrate good governance practices in information security to the ANPD, the authority will take this into account in the event of an incident and when analyzing whether to apply penalties. “Always use the principle of good faith, effectively implementing the LGPD in companies, to justify to the ANPD that your organization is in compliance”.
Alexsandro Calhau highlighted that, although the issue of data security is very broad given the context of the activity, which also involves brokers representing other brokers, there are opportunities in the sector. “All this concern has generated demands for cyberinsurance, not only from software companies, but from all sectors”. He also foresees the standardization of information. “In the case of small and medium-sized insurance companies, many will be acquired and others will be structured to grow”.
“A very positive point is that the law came to show what information security really is and that it has to permeate all layers of companies”, says Paulo Sanches. A practice that is being reviewed, according to the executive, is the use of data collected for the sale of a certain product to offer other products. “Knowing the business thinking about security and privacy will increasingly be a multidisciplinary issue”.
The meeting ended with a presentation by Marília Aguiar, leader at IBLISS, of a practical case applying the GAT platform – Get Ahead of Threats, which allows a centralized view of the risks and threats in companies' environments, reduced exposure time to threats, and increased productivity.