THE HUMAN FACTOR IN INFORMATION SECURITY FROM THE PERSPECTIVE OF THE LGPD

Abstract

This article analyzes the persistence of the human factor as the main vulnerability in information security structures, from the perspective of the Brazilian General Data Protection Law (LGPD). Although the Brazilian regulatory framework has established strict compliance standards and logical security solutions have reached high levels of sophistication, the behavioral fallibility of processing agents remains the critical vector for the materialization of security incidents. The investigation examines how negligence, malpractice, and vulnerability to social engineering tactics compromise the effectiveness of systemic barriers, generating risks of strict civil and administrative liability for organizations. Through a literature review and analysis of global incident reports, the study demonstrates that technical compliance is insufficient if detached from an ingrained data protection culture. It is concluded that continuous corporate education and digital literacy are not merely accessory measures, but indispensable legal instruments for mitigating damages and consolidating a resilient data governance based on the duty of vigilance.