*Bruno Vilas Boa Costa
In recent years, the discussion about the protection of personal data and privacy in the digital age has intensified. This issue became essential after the General Data Protection Law (LGPD - No. 13,709), approved in August 2018, most of which came into force in August 2020. However, due to the pandemic, legislators defined that the sanctions would start to take effect from September 1, 2021. The LGPD defines that companies and public bodies that do not adapt to the norm may be punished with penalties ranging from a warning to fines that can reach the value of R$ 50 millions.
Specifically with regard to strategic panels in public bodies, my participation in the development of various projects (price panel, purchase panel, travel panel, etc.), drives me to raise an alert about the need to establish new practices of data governance, which has been “run over” in the face of the urgency of the demands and can potentially violate the LGPD.
It is common for data from the “base” of dashboards to be sent directly in spreadsheets to data operators. There are situations in which access to transactional systems databases is provided directly to third parties. These are actions that sabotage any attempt to follow good governance practices and go against the guidelines of the LGPD.
Unfortunately, the frequency with which we come across news of personal data leakage of millions of Brazilians has increased. These events shed a light of concern over the data used in the strategic panels, which are highly sensitive data, for example from ongoing investigations against corruption.
Therefore, it is necessary to issue an alert to public managers and others involved in the process of making information available to the government's strategic panels, especially those involving sensitive data, so that they pay attention to the processes of making data available in their body.
At the same time, I emphasize that it is possible to reduce the risk of leakage and provide greater data governance, based on systems and new procedures that meet the most varied existing data architectures, from those that make use of simple spreadsheets and want to create dashboards , even those with cloud environments or environments with many machines in cluster, involving replication of data between different stages and sources and destinations.
One of the measures is the use of data cataloging tools from the use of various technologies, which has been debated in governance discussions. This cataloging aims to provide a single channel of entry and access to the organization's data.
You know that story that for each demand for data from the agency, requested by users, a specific solution must be generated to meet it (spreadsheet, view on BD, csv file etc.) and shared via email? With this single data access channel, this process will no longer exist.
Access to data will still occur, but in such a way that it is performed using the user's credentials (authenticated access), which will be audited, making it possible to retrieve the actions performed by the user with the data within the catalog. That is, providing greater governance.
The catalog, as a single entry “gate” for the agency's data demands, meets the most diverse needs from point data extractions (spreadsheet format) to the delivery of information for data scientists to use in algorithms.
Thinking about a strategic dashboard, it is still common to come across an excess of data sent that is not necessary for the purpose of the dashboard under development. Often, sending data such as CPF, RG, agency and account, is not relevant to the panel.
In the scenario with a data catalog, it is possible to work in some ways to extract only the necessary information, for example, generating a table with data reduction for the respective user within the catalog itself or the application of masking techniques.
Implementing the data catalog makes the information sharing process more secure and governed, as data access occurs through a single means, radically simplifying and accelerating the way government organizations manage, prepare and deliver data – from the system until delivery to the user.
Another advantage is that the process of building strategic panels gains in agility, preserves the confidentiality of information, meeting the most diverse rules and data protection legislation, providing auditing and traceability.
* Brunno Vilas Boa Costa, Analytics Consultant at IN – Business Intelligence. Graduated in computing from the University of Brasília, with a specialization in Business Intelligence Analysis from the Institute of Management and Information Technology and Business Management from Fundação Dom Cabral.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
