Brazilians are neither happy with the way in which companies handle their personal data or trust them, according to a new study.
The global survey was carried out on behalf of IBM with 11,000 consumers by The Harris Poll in 11 countries including Brazil. It has found that 96 percent of Brazilians believe companies don’t do enough to protect their personal information.
This compares with the average in the other countries where the survey was undertaken, where just over half of consumers believe organizations should do more to safeguard their information.
In terms of control over what happens to their data, 5 in 10 Brazilian consumers know that their information is always, or often shared with other organizations they are unaware of. Some 81 percent of Brazilians admitted to having lost control in terms of how their data is being used by companies.
In addition, the report has found that 6 in 10 Brazilians know someone who has been a victim of a data leak or have been through such situations themselves.
One such leak was revealed today as Consiga Cred, a Brazilian company that acts as a middleman to 50 banks and offers several banking services including loans, exposed sensitive data of over 1,4 million consumers.
The incident, first reported by Brazilian website The Hack, involved exposure of individual consumer details such as ID and telephone numbers, as well as address and date of birth, but also information relating to credit operations such as individuals’ salaries, loan amounts and the value of installments to be paid.
The leak occurred as part of a flaw in the company’s system, where one of the public directories contained the customers’ information. The directory’s URL was also indexed to search mechanisms and, according to Consiga, the company was unaware of the fact until The Hack’s source raised the issue.
After being alerted about the leak on November 21, the company only responded to the website and pulled the directory from the public domain on November 27.
Brazil’s General Personal Data Protection Act (LGPD) is due to go live in August next year. Last month, a bill has proposed postponing the date to August 15, 2022.
Among the arguments of the proposal put forward by congressman Carlos Bezerra is the slowness in setting up the National Data Protection Authority (ANPD, in the Portuguese acronym), which will be responsible for editing the data protection and privacy regulations.
The bill points out that the extension will allow the ANPD’s governing body to be chosen, as well as a national campaign to be set up, which would inform the population and businesses about the importance of the new rules. The proposal now awaits evaluation.