On August 14, 2018, the Brazilian General Data Protection Act (LGPD) – Statute #13,709 established general rules for the protection of every individual's personal data – something that, until then, lacked safeguards and limits on third-party use.

‍

Not many Brazilians are aware that Statute #13,964, of December 24, 2019, emerging from the former Justice Minister Sérgio Moro's anti-crime package, has brought a great innovation that could change the scenery of corruption  and other crimes in Brazil, especially the  "White collar” ones. It amended another Statute, #13,608, by introducing the role of the informer. Introducing protective measures therefor, such as: (i) full protection against retaliation, establishing specific sanctions for those who retaliate; (ii) exemption from civil or criminal liability in relation to a report in good faith; and (iii) identity confidentiality. Furthermore, the Statute provided for a reward of up to 5% of the amount recovered, when information results in recovery of revenue resulting from crimes against the public administration (government).

‍

ERM, short for enterprise risk management, plays a fundamental role in identifying, preventing, and managing potential risks that may impact business and influence a company's results, ensuring its long-term viability.

With regard to investigations of corruption in Brazil, the police authority, the Brazilian Office of the Comptroller General (CGU), the Prosecution Office and even the Internal Affairs of various public entities are invariably involved.

One of the most significant concerns in today's corporate environments is the risk of confidential information being leaked or shared without authorization. This exfiltration of confidential information is known to occur not only through unauthorized access by an external agent, but also through the actions of a malicious internal collaborator.

The entry into force of the General Data Protection Regulation (GDPR) in the European Union, in 2018, gave rise to concerns about the issue of protection of personal data in the United States of America, especially after the European Court ruled that the Privacy Shield would no longer be accepted as a guarantee for the transfer of personal data of European citizens to the US.

‍

The United States Securities and Exchange Commission announced the payment of the highest award ever paid to a whistleblower since the awards were instituted by the Dodd-Frank Act, sanctioned in 2010.

Since 2010, with the enactment of the "Dodd-Frank Act", the United States introduced the whistleblower, i.e., someone who witnesses an irregularity within the following parameters:

‍

In February 2020, the European Data Protection Board released a recommendation guide on essential guarantees for surveillance measures implemented under the European General Data Protection Regulation – GDPR.

‍