An alleged hacker attack on Gravy Analytics, company responsible for processing location data of millions of users, raises concerns about the security of personal information and the impacts of its exposure
The leak, that may have compromised 17 TB of data, revealed information such as addresses of public figures, daily trajectories of individuals and the identity of LGBTQIA+ dating app users in countries where these people face discrimination or are criminalized
The incident reinforces the responsibility of technology companies that operate with sensitive data. "To avoid occurrences like this", companies need to invest in prevention, update policies and protocols, use security tools and, mainly, empower your employees, Patricia Peck stands out, CEO of Peck Advogados
Keeping employees updated on the company's data protection policies and rules can be the most effective tool to prevent leaks. "The crisis room training", that allows simulating scenarios and rehearsing measures, can make all the difference in knowing how to properly handle an incident response, explain the lawyer
In Brazil, the General Data Protection Law (LGPD) establishes clear rules for the protection of personal data, requiring technical and administrative measures to prevent unauthorized access. Failing to comply with these obligations can result in financial penalties and damage to the reputation of the companies involved
Although the legislation already provides for obligations for entrepreneurs, the lawyer specialized in Digital Law states that "the cyber resilience score of Brazilian companies and public institutions is low. The new threats brought by the criminal use of AI with Deep Fake make the situation even more concerning
As data becomes increasingly economically relevant, companies need to continuously invest in advanced security solutions, like cryptography, system audits and strategies to mitigate damage in case of a leak. This protection is not just a legal requirement, but another way to preserve the trust of users and the market itself
"Data leak cases show that it is necessary to adopt a preventive stance in cybersecurity". Organizations need to combine investments in technology with training to protect individuals' rights and comply with current legislation, alert to the CEO of Peck Advogados
