GENERAL PERSONAL DATA PROTECTION LAW: CIVIL LIABILITY FOR INFORMATION LEAKAGE

Abstract

The protection and security of personal data have become increasingly relevant in contemporary society, especially with the advancement of information and communication technologies. In this context, the leakage of personal data is a growing concern, requiring the judicial power to implement the General Data Protection Law (LGPD), currently in force in Brazil. This article seeks to analyze the civil liability of companies in cases of personal data breaches, within the context of the LGPD. In order to bring more clarity to the proposed topic, the fundamentals of the LGPD and the guidelines established by the legislation for the treatment of personal data will be initially addressed, highlighting the need for protection of this information and the rights of data subjects. In addition to conducting an analysis of the civil liability of companies in cases of personal data breaches, considering the conduct adopted by companies in protecting this information and the potential damages caused to data subjects. Preventive measures that companies should adopt to prevent breaches will also be highlighted, such as the implementation of information security policies and employee training. Furthermore, coercive application to companies that fail to comply with the LGPD will be examined succinctly, through the jurisprudential and doctrinal  understanding of judgments in Brazilian courts. The research conducted shows that despite the LGPD representing an important milestone for data protection in the country, its effectiveness is hindered by existing gaps in legislation, demonstrating a fragility regarding the determination of fault, quantification of damages, and identification of those responsible.