On October 23, the Superintendence of Private Insurance (SUSEP) published a Circular that provides for the data and information security and confidentiality policy of registration entities that are accredited by SUSEP to provide the service of registering insurance operations, supplementary pension plans, capitalization and reinsurance.
The proposal, which has now been submitted for public consultation, consolidates minimum standards that must be adopted by the accredited registration entities, within the scope of the data security and confidentiality policy.
The proposal prohibits: (i) the commercialization or availability of registered data and information, except with the express consent of the holder; and (ii) the exchange of information with other registration entities.
It is important to highlight that the rule proposes that the registration entities shall be held responsible for any damages caused as a result of the improper processing of data and information.
In addition, it is worth noting that the proposal meets the guidelines for the protection of personal data established by Law No. 13,709, of August 14, 2018 (Brazilian General Data Protection Law – LGPD), which recently came into force.
Finally, it should be noted that the Public Consultation will be open for suggestions until November 10, 2020.
Demarest’s Insurance and Reinsurance team will continue to follow the development of this Public Consultation until publication of the final text and is available to provide any clarifications on the subject.