ANPD concludes sanctioning process against public body

Summary:

The Brazilian National Authority for Data Protection (ANPD) has issued a decision concluding an administrative process against the Instituto de Assistu00eancia ao Servidor Pu00fablico Estadual de Su00e3o Paulo (IAMSPE). The decision finds IAMSPE guilty of violating the General Law on Protection of Personal Data (LGPD) by failing to maintain secure systems for storing and processing personal data of millions of public servants and their dependents. The institute also failed to provide clear, timely, and adequate communication to data owners about a security incident. As a result, two warning sanctions were imposed, and corrective measures were ordered to mitigate the effects of the violation and prevent similar incidents in the future.