The new data privacy and security legislation, initiated by the Brazilian government, is titled Lei Geral de Proteção de Dados. This is a new law that was passed by the National Congress of Brazil on August 14, 2018, and put into effect just over two years later.
The central feature of the legislation is to establish the rules on collecting, handling, storing and sharing of personal data managed by organizations. The law deals with the concept of personal data and lists the legal bases that authorize its use.
For general business advice in relation to the new legislation, Digital Journal caught up with Cindy Provin, General Manager of nCipher Security and SVP of Entrust. The focus was on establishing roots of trust throughout the enterprise during this implementation.
According to Provin: “Data compliance regulations like LGPD have put data protection and encryption at the forefront of customers’ security strategies, especially within the financial services and telecom industries, government, and with organizations. Effective encryption strategies require strong key generation and management and the best practice is to store those keys in an Hardware Security Module (HSM).”
Hardware Security Modules (HSM) are tamper-proof physical devices that safeguard secret digital keys and help in strengthening asymmetric/symmetric key cryptography.
The analyst explains further the advantages of this approach, noting: “Encryption protects sensitive information including financial data, government identifications by making it unreadable, but if you fail to protect the encryption keys it is like locking your front door and leaving the keys under the mat.”
Further more, she notes: “When businesses employ encryption they are better positioned to win and keep customers everywhere. A robust root of trust must be established to ensure that the keys and credentials that underpin the security of the encryption solutions deployed are always protected. Hardware security modules can enable that.”