What are the impacts of the National Cybersecurity Policy on data protection?

Even when no one expected it anymore, the National Cybersecurity Policy (PNCiber) was instituted in the final days of 2023, following another attempt to hack the First Lady’s account on X (formerly Twitter).

Proposed by the Institutional Security Office of the Presidency of the Republic (GSI/PR), this decree provides for the creation of the National Cybersecurity Committee (CNCiber), whose goal is to monitor the implementation and evolution of PNCiber, as well as propose updates and evaluations.

Brazil is one of the main targets for cybercriminals globally, leading the rankings for cyberattack attempts last year. In light of this, PNCiber aims to enhance cybersecurity across the country, focusing on the latest advancements worldwide.

Moreover, the main proposal outlined in the National Cybersecurity Policy is the unification of cybersecurity regulations within the federal structure, reducing the growing number of security incidents and positioning the country as an active participant in global cybersecurity discussions.

However, according to the GSI, which chairs the Committee, encouraging cybersecurity should not be the sole responsibility of the Executive Branch; it requires collaboration from other branches of government, including state and municipal levels, in alignment with various institutions such as the Federal Senate, the Federal Court of Accounts (TCU), the World Economic Forum, and others.

Negative Aspects of the National Cybersecurity Policy

While one of the primary goals of PNCiber is to unify the country's cybersecurity measures, one of the most relevant federal entities in the field of data privacy and security was left out of the committee’s regulation: the National Data Protection Authority (ANPD).

This raises questions about the reasons behind excluding the regulatory body of the General Data Protection Law (LGPD)—the only law aimed at protecting personal data in the country—in an initiative designed to combat violations in the digital environment.

It’s worth noting that personal data theft and leaks are among the main targets of cyberattacks in Brazil and globally.

Furthermore, many of the CNCiber member bodies are entirely political rather than technical in nature, such as ministries, the Federal Senate, and the TCU.

Positive Aspects of the National Cybersecurity Policy

On the other hand, the creation of the National Cybersecurity Policy is a strong indication that the country's leaders are paying attention to the risks posed by the rise in digital crime, which threatens the integrity of Brazilian organizations and the safety of the population.

With the creation of this policy, the expectation is that discussions about the importance of investing in cybersecurity will become more prominent in public agendas. After all, there were more than 23 billion attempted cyberattacks in 2023, according to Fortinet data, representing an imminent threat to privacy rights.

Thus, the unification of cybersecurity policies could strengthen the culture of digital security beyond just companies, making it a national practice.

Additionally, the number of confirmed security incidents may decrease due to improved governance in public and private institutions. This is because there will be more incentives to invest in the sector, leading to a natural evolution in how the country defends itself against cyber threats.

Did you enjoy this topic? At BugBuzz, BugHunt’s newsletter, we regularly discuss the most relevant issues in the cybersecurity market, just like this one. Click this link and subscribe now!