Brazil

Brazil
Law Name	Law 13709 for the treatment of personal data (August 14, 2018)
Link to the Law	https://www.loc.gov/item/global-legal-monitor/2018-08-28/brazil-personal-data-protection-law-enacted/
Data Transfer	It can be done with the consent of the data subject.
Data Sharing	Must receive consent to use data and process it. Under the current law, there are provisions regarding “sensitive personal data”. “Sensitive data” applies to health and genetic and biometric data. In the new law, separate consent will be required as well as explicit information provided to the data subjects involved in processing sensitive data.
Data Retention	Data subjects have the right to deletion of personal data (on the internet) as long as the relationship between the parties is complete and as long as the mandatory log retention is not required.
Governance	Under the current law, agencies responsible for personal data must provide data subjects with information about obtaining, use, storage, processing and protection of personal data. Additionally, in order to process data, consent must be given. Logs must be kept confidential and the security measures must be made clear to the data subject. Under the new Bill, there will be a mandatory appointment of data protection responsible or a Chief Data Protection Officer.
Enforcement	There is currently a new governing or enforcement agency. Under the new Bill there will be a designated agency that will enforce the security protections of personal data and data transfers.
Breach Notification	As of now, the Brazilian law does not require that the data subject be informed if there is a breach in security of their personal data. In the new bill that is being reviewed, the data subject will have to be informed if their personal data is breached (especially if it can be harmful to them).
Health Privacy Law	http://conselho.saude.gov.br/legislacao/lei8080_190990.htm Portuguese
Electronic Health Records Law	Law for electronic health records Nº13.787 December 2018 http://www.planalto.gov.br/ccivil_03/_Ato2015-2018/2018/Lei/L13787.htm
Notes	The Electronic Health Records Regulations for Brazil passed in December 2018.

Institute for Bioethics and Health Policy

Miller School of Medicine
P.O. Box 016960 (M-825)
Miami, FL 33101
305-243-5723 305-243-5723

Resources

UM Network

Visit

Connect

Copyright: 2024 University of Miami. All Rights Reserved.
Emergency Information
Privacy Statement & Legal Notices

Individuals with disabilities who experience any technology-based barriers accessing the University’s websites or services can visit the Office of Workplace Equity and Inclusion.