The case of the information leak by the American agency NSA (National Security Agency) and the suspicion that leaders of several countries had their data breached brought to light the discussion about data security and what are the correct measures to guarantee your privacy. . In Brazil, defenders of free software took the opportunity to encourage this model again, claiming that it could guarantee greater autonomy and, therefore, more security in relation to other models, which is not necessarily true.
In addition, the Executive Power itself, seeking to provide a quick response to society, hastened to propose, perhaps without adequate technical analysis, the inclusion in the Bill of the Civil Rights Framework for the Internet, which is in the process of being voted on by Congress, an article that provides for the mandatory maintenance of Brazilian data within the national territory. It is important to note that data security and privacy are not about which platform the software was developed on or where the data is physically stored, but rather with the governance policy adopted to ensure that these premises are met.
A good practice to ensure data confidentiality is to require that the computer systems used comply with international security and certification standards, such as the “Common Criteria” (CC), which is an international standard (ISO/IEC 15408) for security. of computers. This standard is geared towards logical security and the development of secure applications, as it defines a specific method for evaluating systems development environments.
“Common Criteria” is a framework in which computer system users can specify their security and assurance functional requirements. In this way, vendors can then implement and/or make claims about the safety attributes of their products, while testing labs can evaluate the products to determine whether they actually meet the claims. In other words, Common Criteria provides assurance that the process of specifying, implementing, and evaluating a computer security product has been conducted in a rigorous and standardized manner.
by Jorge Sukarie
In the current world economy, Brazil uses and benefits from an uninterrupted flow of data inside and outside the country. The international flow of data is essential for Brazilian companies from all sectors of the economy – including small and medium-sized companies – to create innovative products and services, increase productivity, compete in the foreign market, fight fraud and create jobs. We cannot let a hasty decision, and without an adequate technical assessment, deprive Brazil of access to the Global Market and throw the country into a setback that can be as impactful as the days of the Market Reserve of decades ago.
Jorge Sukarie is president of ABES – Brazilian Association of Software Companies
EN 
PT 
