The Digital Law represents the maturation of the legal role as a link between innovation and risk management. Understand better how the area that has become a strategic tool works and corresponds to the evolution of the Law itself.
Digital law in the set of rules and codes of conduct that govern the individual’s behavior and new relations, whose medium, or manifest evidence, of where it occurs is digital. Creating electronic data that embody and represent his assumed obligations and respective identity. In that matter, it should gather principles, laws and self-governing norms that answer to a new social interaction reality, non-present, interactive and in real time. Therefore, Digital Law is an evolution of law itself, which is able to cater to changes in behavior and to the need of new conduct controls created by the use of technology.
The norms in Digital Law are the same ones existing today that are valid and applicable: the 1988 Federal Constitution, the new Civil Code, the Code for Consumer Protection, the Criminal Code etc. There are a series of new laws that strive to answer new questions, specific to the use of technology, such as software piracy, e-commerce, copyrights, cybercrimes, and also international treaties and regulations. All of this composed the normative framework of Digital Law.
The first step is to perform a legal risk audit, to identify vulnerabilities and, then, develop a corrective and preventive plan. This initial analysis must address three strategical interfaces of the company users: 1) Employees; 2) Clients; and 3) Partners and Providers.
In principle, yes. The company shares a solidary liability with its employees for the misuse of work tools, whether or not they are technological, within the rule of “culpa in vigillando”.
The concept of privacy in Brazil is an irrefutable presumption. This means that if it is not clear that the environment is not private, we must interpret it is. Non-private environments must be clearly delimited. In corporate environment, commonly monitored in an effort to prevent information security incidents, it is fundamental to clearly and unequivocally indicate that it is not private, as the company has access to corporate email and data traffic, such indication must be made clear in documents, graphical interface and upon use of corporate tools.
It is necessary to have a policy on the use of email and other technologies by the employees, which must be written in an adequate and objective manner, with clear rules about what is right and wrong in the use of these tools in the company, separating personal from corporate. Everyone must sign this policy, through an Acknowledgement Term, or figuring as an Annex to the work contract. It is also recommended that a specific training be offered, to instruct the employees on the new rules. If the company shares data and access information with third parties be they outsourced freelancers, contractors or clients, we recommend the policy to foresee such cases as well.
Software enjoy the same system of protection of other intellectual works, and dispenses any formalities. However, due to the nature of the work, we strongly recommend its registration with the INPI (www.inpi.gov.br), which is the Brazilian government agency responsible for their registry.
It is the preservation of confidentiality, integrity, availability, legality and authenticity of the information. It aims to protect information from various types of threats to ensure business continuity, minimize business damage and maximize the return on investment and new transaction opportunities.
Because everything is data in the digital society. An individual’s identity, a client’s information, a statement of income tax, even a consumer’s profile. Therefore, part of a company’s business is to protect this information, as they demand privacy, secrecy and confidentiality. Everything is connected in real time, and the actions of one person, a single infected email, can damage all the company’s assets, including its database. Since the Internet and other technological tools are recent, it is not clear to people what is right or wrong in their use. In the company, the technology is a work tool, and it is up to her to define, through policies and information security, what is appropriate to protect its business and employees, avoiding running into unnecessary risks that may come to a civil or criminal liability, and even dismissal.
A security incident can be defined as any adverse event, confirmed or alleged, related to the security of the computer systems or network. Some examples: attempts to gain unauthorized access to systems or data; denial of service attacks; misuse or non-authorized access to a system; modifying a system without instructions or previous consent of its owner to do so; any disrespect to the information security or proper use policies for a company.
A set of information and electronic files that can represent the relation and/or obligation created, agreed or contracted by any digital means. The important part is that, in this hypothesis, the original file is the digital one, any other physical version of it is a copy, and cannot be subjected to forensics.
There is no clear definition. Internally, companies and institutions can define those as a series of situations that may indicate such misuse in a policy for proper use. On the Internet, the following behaviors can be considered as misuse, or abusive use: spamming people; non-authorized copying and distributing of work protected by copyrights; use of the Internet to promote libel, slanders, threats and frauds; attempting to attack other computers; compromise other computers and networks.
It is the legal protection of all manifestations of the brand and trademark in digital format, ranging from the signature of the email (the brand that goes after the “@”), the website, the virtual store, the presence on partner sites, or third party, the links, the presence in tools and search engines, online media and online press, blocking images and photos of products, content and everything else that has relationship with the brand.
It is the use of best practices of Digital Law on corporate digital communications, so that databases from their clients and users, collected online, can be used in a legal and ethical manner, offering no risks to the brand or even raising question regarding privacy rights. This can be used on email marketing, registration form, the sharing of a client database with third parties and its use on online promotions.
Contracts drawn up with specific clauses to meet issues of technological outsourcing, digital certification use, hosting, storage, in other words, everything that has to do with the use of technology in business.
Digital certification is the activity of recognition in an electronic medium that is characterized by the establishment of a unique, exclusive and non-transferable relationship between an encryption key, inserted into a digital certificate, the CLIENT and the Certifying Authority. Any certification can be used, but the only one that has the legal presumption of public faith is the one instituted by the MP n. 2.200/2001, which is the public key structure of the ICP-Brasil, and has the role of “ensure the authenticity, integrity and legal validity of electronic documents, support applications and enabled applications that use digital certificates, as well as conducting secure electronic transactions”.
On this website, there is a specific area on Courses and Reading Suggestions. In addition to our works, articles and interviews, we selected for you a list of national and international books that can aid you in your studies. There are also tips for research, as well as courses related to the area.
We are constantly looking for professionals who excel and whose dream is to innovate, and have a great passion for technology. If you fit these requirements, fill in the form on the site “Careers” area. When receiving your contact and professional information, these data will integrate our talent database. Once an opportunity arises, we will contact you.