
Leonardo Militelli, Alexsandro Calhau, Thomaz Côrte Real, Paulo Sanches, Leonardo Militelli and Carlos Sacco

Meeting debated compliance in the insurance sector


“In 2019 alone, millions of personal data were leaked. We need to be clear about the impacts that this magnitude of leaks can cause”, said Leonardo Militelli, cyber risk management specialist, founder and CEO of IBLISS Digital Security and the GAT – Get Ahead of Threats platform, opening the 4th cycle of debates “LGPD Countdown @ Inovabra – Challenges and Opportunities”, which addressed aspects of compliance with the law in the insurance market, held this Tuesday (11) at Inovabra Habitat, in São Paulo.
"It is necessary to foster maturity in society", says Militelli
Militelli argues that for data protection to really happen, it is necessary to go beyond compliance. According to the specialist, technological and cultural adaptation are fundamental, reinforcing the concept of Security & Privacy by Design. “With every new project, we have to think about security and privacy first. Start building the systems through which data will circulate in a more secure, integrated and cheaper way”, he recommends.
In Militelli's assessment, the main virtue of the LGPD is that it horizontally involves all companies, regardless of size, and all company employees and partners. “Everyone is responsible. In Europe, where GDPR is in force, fines have already started to be applied. It is necessary to foster maturity in society”, he adds. 
Sacco highlights the importance of associativism

Carlos Alberto Sacco, director of Relationship and Services at ABES, emphasized the importance of associativism, as entities can support companies in adapting to the new regulations, as ABES has been doing. He cited the implementation of the One Ethics Company Program, which encourages the use of compliance programs in the IT sector. “Today we have more than 200 bills in progress that directly affect our business. Therefore, this union is important so that we can defend positive points and work to reject those that may have negative impacts”. Sacco also presented examples of recent breaches and attacks in Europe to illustrate the diversity of situations in which data is at risk.
Challenges and opportunities
The morning of debates continued with a panel featuring Militelli; Thomaz Côrte Real, a lawyer specialized in Technological Law and member of the ABES Legal Department; Alexsandro dos Santos Calhau, managing partner of A2G Corretora de Seguros, specialized in insurance for class entities and their associates; Paulo Sanches, responsible for the Information Security area at SulAmérica Seguros; and Alexandre Correa, from the Internal Controls sector of the Bradesco Seguros Group. The panel was moderated by Andriei Guerreiro Gutierrez, coordinator of the ABES Regulatory Committee and coordinator of the Movimento Brasil, País Digital.
Gutierrez: How to achieve compliance in the insurance ecosystem?

Gutierrez raised several questions about the impacts of the LGPD on the insurance sector, such as the different levels of responsibility in the collection, processing and control of data, which involve not only insurance companies but also brokers and partners. “How to achieve compliance across this ecosystem?” He also raised the treatment of legacy data, risk assessment, the possibility of requesting a review of automated decisions, and how fraud prevention will be carried out.
For Alexandre Correia, it is necessary to have a view of the entire process. He explains that there are two models of brokers: those in the market and those that trade within the company. “Our idea is mapping, ranking the most sensitive points, contractual issues and checking in loco whether the environment complies. This can even be done by the company itself or through an audit”.
Good habits
The principle of the law is good faith, evaluates Côrte Real

“At first I was very critical, but after studying a lot, I saw that LGPD is not terror. The principle of the Law is good faith”, highlighted Thomaz Côrte Real. He bets that if companies demonstrate good governance practices in information security to the ANPD, the authority will take this into account in the event of an incident and when analyzing the application of possible penalties. “Always use the principle of good faith, effectively implementing the LGPD in companies, to justify to the ANPD that your organization is in compliance”.
Calhau foresees standardization of information in the sector

Alexsandro Calhau highlighted that, although the issue of data security is very comprehensive, considering the context of the activity, which also involves brokers representing other brokers, there are opportunities in the sector. “All this concern has generated demands for cyberinsurance, not only from software companies, but from all sectors”. He also foresees the standardization of information. “In the case of small and medium-sized insurance companies, many will be acquired and others will be structured to grow”.
Security and privacy are multidisciplinary issues, for Sanches

“A very positive point is that the law came to show what information security really is and that it has to permeate all layers of companies”, says Paulo Sanches. A practice that is being reviewed, according to the executive, is the use of data collected for the sale of a certain product to offer other products. “Knowing the business thinking about security and privacy will increasingly be a multidisciplinary issue”.
The meeting ended with a presentation by Marília Aguiar, leader at IBLISS, of a practical case of application of the GAT – Get Ahead of Threats platform, which allows a centralized view of the risks and threats in companies' environments, a reduction in the time of exposure to threats, and increased productivity.


