Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Brazil: Consumer protection agency announces data incident affecting Enel

The Protection and Consumer Defence Foundation of the State of São Paulo ('PROCON-SP') announced, on 11 November 2020, that it had called on Enel Distribuição São Paulo to provide information on a data breach of customers' registration data. In particular, PROCON-SP highlighted that the affected information included full names, social security numbers, bank account numbers, addresses, and telephone numbers.

In addition, PROCON-SP called on Enel to demonstrate whether it adopts security, technical, and administrative measures to protect personal data from unauthorised access and accidental or unlawful situations of destruction, loss, alteration, communication, or any other form inadequate or illicit treatment. Moreover, PROCON-SP noted that Enel must provide information on whether their employees have been properly trained on the application of the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and explain why the affected data was not encrypted in the processing of the data. Finally, PROCON-SP also requested that Enel outlined the procedures taken for analysing a data incident, the measures taken to mitigate possible damage, whether it has an incident response team statement, and whether it carried out a Data Protection Impact Assessment ('DPIA').

You can read PROCON-SP's press release here, and Enel's press release here, both only available in Portuguese.